aboutsummaryrefslogtreecommitdiff
path: root/include/libssh
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2013-06-13 22:36:40 +0200
committerAndreas Schneider <asn@cryptomilk.org>2013-07-13 15:03:18 +0200
commit0d1ec1fa48db64f0ec6d85ea0b4cc7c709c7361d (patch)
treefac7715b6e393c5ca4ccc16bc6d66ba67d98305b /include/libssh
parent0356b78ede1dcedfe88fa13208cb6d6a5b43ac87 (diff)
downloadlibssh-0d1ec1fa48db64f0ec6d85ea0b4cc7c709c7361d.tar.gz
libssh-0d1ec1fa48db64f0ec6d85ea0b4cc7c709c7361d.tar.xz
libssh-0d1ec1fa48db64f0ec6d85ea0b4cc7c709c7361d.zip
gssapi: Add user parameter to gssapi auth callback
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'include/libssh')
-rw-r--r--include/libssh/callbacks.h8
1 files changed, 6 insertions, 2 deletions
diff --git a/include/libssh/callbacks.h b/include/libssh/callbacks.h
index a7fdb5b6..6c031276 100644
--- a/include/libssh/callbacks.h
+++ b/include/libssh/callbacks.h
@@ -170,13 +170,17 @@ typedef int (*ssh_auth_none_callback) (ssh_session session, const char *user, vo
/**
* @brief SSH authentication callback. Tries to authenticates user with the "gssapi-with-mic" method
* @param session Current session handler
- * @param user Authenticated login of the user, including realm.
+ * @param user Username of the user (can be spoofed)
+ * @param principal Authenticated principal of the user, including realm.
* @param userdata Userdata to be passed to the callback function.
* @returns SSH_AUTH_OK Authentication is accepted.
* @returns SSH_AUTH_PARTIAL Partial authentication, more authentication means are needed.
* @returns SSH_AUTH_DENIED Authentication failed.
+ * @warning Implementations should verify that parameter user matches in some way the principal.
+ * user and principal can be different. Only the latter is guaranteed to be safe.
*/
-typedef int (*ssh_auth_gssapi_mic_callback) (ssh_session session, const char *user, void *userdata);
+typedef int (*ssh_auth_gssapi_mic_callback) (ssh_session session, const char *user, const char *principal,
+ void *userdata);
/**