diff options
author | Aris Adamantiadis <aris@0xbadc0de.be> | 2013-06-13 22:36:40 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2013-07-13 15:03:18 +0200 |
commit | 0d1ec1fa48db64f0ec6d85ea0b4cc7c709c7361d (patch) | |
tree | fac7715b6e393c5ca4ccc16bc6d66ba67d98305b /include/libssh | |
parent | 0356b78ede1dcedfe88fa13208cb6d6a5b43ac87 (diff) | |
download | libssh-0d1ec1fa48db64f0ec6d85ea0b4cc7c709c7361d.tar.gz libssh-0d1ec1fa48db64f0ec6d85ea0b4cc7c709c7361d.tar.xz libssh-0d1ec1fa48db64f0ec6d85ea0b4cc7c709c7361d.zip |
gssapi: Add user parameter to gssapi auth callback
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'include/libssh')
-rw-r--r-- | include/libssh/callbacks.h | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/include/libssh/callbacks.h b/include/libssh/callbacks.h index a7fdb5b6..6c031276 100644 --- a/include/libssh/callbacks.h +++ b/include/libssh/callbacks.h @@ -170,13 +170,17 @@ typedef int (*ssh_auth_none_callback) (ssh_session session, const char *user, vo /** * @brief SSH authentication callback. Tries to authenticates user with the "gssapi-with-mic" method * @param session Current session handler - * @param user Authenticated login of the user, including realm. + * @param user Username of the user (can be spoofed) + * @param principal Authenticated principal of the user, including realm. * @param userdata Userdata to be passed to the callback function. * @returns SSH_AUTH_OK Authentication is accepted. * @returns SSH_AUTH_PARTIAL Partial authentication, more authentication means are needed. * @returns SSH_AUTH_DENIED Authentication failed. + * @warning Implementations should verify that parameter user matches in some way the principal. + * user and principal can be different. Only the latter is guaranteed to be safe. */ -typedef int (*ssh_auth_gssapi_mic_callback) (ssh_session session, const char *user, void *userdata); +typedef int (*ssh_auth_gssapi_mic_callback) (ssh_session session, const char *user, const char *principal, + void *userdata); /** |