authorAndreas Schneider <asn@cryptomilk.org>2013-11-15 15:36:02 +0100
committerAndreas Schneider <asn@cryptomilk.org>2013-11-15 16:29:49 +0100
commit651c173e72ceecb648c24c12d3a900deeb200470 (patch)
tree6a81f3407b854e0b70b5f25f09fe13b52d502a48 /src
parentf76cd8b6d5fd9215e10640075880b4d7eddb1b7d (diff)
gssapi: Add support to set GSSAPI server identity.
Diffstat (limited to 'src')
-rw-r--r--src/gssapi.c7
-rw-r--r--src/options.c18
-rw-r--r--src/session.c1
3 files changed, 25 insertions, 1 deletions
diff --git a/src/gssapi.c b/src/gssapi.c
index a0ab3646..edcb66d4 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -672,12 +672,17 @@ int ssh_gssapi_auth_mic(ssh_session session){
OM_uint32 maj_stat, min_stat;
char name_buf[256];
gss_buffer_desc hostname;
+ const char *gss_host = session->opts.host;
if (ssh_gssapi_init(session) == SSH_ERROR)
return SSH_AUTH_ERROR;
+ if (session->opts.gss_server_identity != NULL) {
+ gss_host = session->opts.gss_server_identity;
+ }
/* import target host name */
- snprintf(name_buf, sizeof(name_buf), "host@%s", session->opts.host);
+ snprintf(name_buf, sizeof(name_buf), "host@%s", gss_host);
+
hostname.value = name_buf;
hostname.length = strlen(name_buf) + 1;
maj_stat = gss_import_name(&min_stat, &hostname,
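Review bot: The `snprintf` into `name_buf[256]` is not checked for truncation, and with this change the string can come from a caller-supplied `gss_server_identity` of any length. A truncated value would be handed to `gss_import_name` as a shorter service name than the one the application asked libssh to expect, so the call should fail instead: `int n = snprintf(name_buf, sizeof(name_buf), "host@%s", gss_host);` followed by `if (n < 0 || (size_t)n >= sizeof(name_buf)) return SSH_AUTH_ERROR;`. The body of ssh_gssapi_auth_mic continues past the end of the hunk, so whether that early return needs cleanup after `ssh_gssapi_init` should be confirmed there.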
diff --git a/src/options.c b/src/options.c
index e02ad4df..d43e25d4 100644
--- a/src/options.c
+++ b/src/options.c
@@ -367,6 +367,10 @@ int ssh_options_set_algo(ssh_session session, int algo,
* Set the command to be executed in order to connect to
* server (const char *).
*
+ * - SSH_OPTIONS_GSSAPI_SERVER_IDENTITY
+ * Set it to specify the GSSAPI server identity that libssh
+ * should expect when connecting to the server (const char *).
+ *
* @param value The value to set. This is a generic pointer and the
* datatype which is used should be set according to the
* type set.
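Review bot: The new SSH_OPTIONS_GSSAPI_SERVER_IDENTITY entry does not say what form the string takes or what happens when it is unset. The gssapi.c hunk of this commit formats the value as `host@%s` and falls back to `opts.host`, and the setter rejects NULL and the empty string, so the comment could read: `The host part of the GSSAPI service name ("host@" is prepended by libssh). Defaults to the connection host when unset; NULL or "" is rejected (const char *).`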
@@ -792,6 +796,20 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
}
}
break;
+ case SSH_OPTIONS_GSSAPI_SERVER_IDENTITY:
+ v = value;
+ if (v == NULL || v[0] == '\0') {
+ ssh_set_error_invalid(session);
+ return -1;
+ } else {
+ SAFE_FREE(session->opts.gss_server_identity);
+ session->opts.gss_server_identity = strdup(v);
+ if (session->opts.gss_server_identity == NULL) {
+ ssh_set_error_oom(session);
+ return -1;
+ }
+ }
+ break;
default:
ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
return -1;
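Review bot: In the new `SSH_OPTIONS_GSSAPI_SERVER_IDENTITY` case the previous value is freed before `strdup` is known to have succeeded, so an allocation failure leaves `gss_server_identity` NULL. The call returns -1, but a caller that keeps using the session has lost the identity it set earlier, and the gssapi.c hunk then falls back to `opts.host`. Duplicating into a temporary and swapping only on success keeps the old value intact on failure. The case also sets no upper bound on the length, while the consumer formats the value into a 256-byte buffer. ssh_options_set starts and ends outside this hunk.
```c
        /* … unchanged: v = value; NULL / empty-string rejection … */
        } else {
            char *copy = strdup(v);
            if (copy == NULL) {
                ssh_set_error_oom(session);
                return -1;
            }
            SAFE_FREE(session->opts.gss_server_identity);
            session->opts.gss_server_identity = copy;
        }
```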
diff --git a/src/session.c b/src/session.c
index 72c186e5..d0691106 100644
--- a/src/session.c
+++ b/src/session.c
@@ -265,6 +265,7 @@ void ssh_free(ssh_session session) {
SAFE_FREE(session->opts.sshdir);
SAFE_FREE(session->opts.knownhosts);
SAFE_FREE(session->opts.ProxyCommand);
+ SAFE_FREE(session->opts.gss_server_identity);
for (i = 0; i < 10; i++) {
if (session->opts.wanted_methods[i]) {