aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2013-02-20 23:20:44 +0100
committerAndreas Schneider <asn@cryptomilk.org>2013-07-13 14:21:36 +0200
commit3b52e38a333cb204673b9401b0e895d96d9fb02f (patch)
treeff395dc6a182153cde6b2a33cdb40d4982505652 /src
parent6bb50630462cf20b5d7fa42ef1cc99c8f80ccac9 (diff)
downloadlibssh-3b52e38a333cb204673b9401b0e895d96d9fb02f.tar.gz
libssh-3b52e38a333cb204673b9401b0e895d96d9fb02f.tar.xz
libssh-3b52e38a333cb204673b9401b0e895d96d9fb02f.zip
auth: adapt libssh to gssapi-with-mic server
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r--src/messages.c53
-rw-r--r--src/packet.c13
2 files changed, 63 insertions, 3 deletions
diff --git a/src/messages.c b/src/messages.c
index 147ab16c..a82cb5c7 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -44,6 +44,7 @@
#include "libssh/messages.h"
#ifdef WITH_SERVER
#include "libssh/server.h"
+#include "libssh/gssapi.h"
#endif
/**
@@ -740,6 +741,54 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
}
goto end;
}
+ if (strncmp(method, "gssapi-with-mic", method_size) == 0) {
+ uint32_t n_oid;
+ ssh_string *oids;
+ ssh_string oid;
+ char *hexa;
+ int i;
+ buffer_get_u32(packet, &n_oid);
+ n_oid=ntohl(n_oid);
+ if(n_oid > 100){
+ ssh_set_error(session, SSH_FATAL, "USERAUTH_REQUEST: gssapi-with-mic OID count too big (%d)",n_oid);
+ goto error;
+ }
+ ssh_log(session, SSH_LOG_PACKET, "gssapi: %d OIDs", n_oid);
+ oids = calloc(n_oid, sizeof(ssh_string));
+ if (oids == NULL){
+ ssh_set_error_oom(session);
+ goto error;
+ }
+ for (i=0;i<(int) n_oid;++i){
+ oid=buffer_get_ssh_string(packet);
+ if(oid == NULL){
+ for(i=i-1;i>=0;--i){
+ SAFE_FREE(oids[i]);
+ }
+ SAFE_FREE(oids);
+ ssh_set_error(session, SSH_LOG_PACKET, "USERAUTH_REQUEST: gssapi-with-mic missing OID");
+ goto error;
+ }
+ oids[i] = oid;
+ if(session->common.log_verbosity >= SSH_LOG_PACKET){
+ hexa = ssh_get_hexa(ssh_string_data(oid), ssh_string_len(oid));
+ ssh_log(session, SSH_LOG_PACKET,"gssapi: OID %d: %s",i, hexa);
+ SAFE_FREE(hexa);
+ }
+ }
+ ssh_gssapi_handle_userauth(session, msg->auth_request.username, n_oid, oids);
+
+ for(i=0;i<(int)n_oid;++i){
+ SAFE_FREE(oids[i]);
+ }
+ SAFE_FREE(oids);
+ /* bypass the message queue thing */
+ SAFE_FREE(service);
+ SAFE_FREE(method);
+ ssh_message_free(msg);
+ leave_function();
+ return SSH_PACKET_USED;
+ }
msg->auth_request.method = SSH_AUTH_METHOD_UNKNOWN;
SAFE_FREE(method);
@@ -783,6 +832,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
ssh_message msg = NULL;
+ /* GSSAPI_TOKEN has same packed number. XXX fix this */
+ if (session->gssapi != NULL)
+ return ssh_packet_userauth_gssapi_token(session, type, packet, user);
+
enter_function();
(void)user;
diff --git a/src/packet.c b/src/packet.c
index 440e47c6..0276a155 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -46,6 +46,7 @@
#include "libssh/pcap.h"
#include "libssh/kex.h"
#include "libssh/auth.h"
+#include "libssh/gssapi.h"
#define MACSIZE SHA_DIGEST_LEN
@@ -83,11 +84,17 @@ static ssh_packet_callback default_packet_handlers[]= {
NULL,NULL,NULL,NULL,NULL,NULL, // 54-59
ssh_packet_userauth_pk_ok, // SSH2_MSG_USERAUTH_PK_OK 60
// SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60
- // SSH2_MSG_USERAUTH_INFO_REQUEST 60
+ // SSH2_MSG_USERAUTH_INFO_REQUEST 60
ssh_packet_userauth_info_response, // SSH2_MSG_USERAUTH_INFO_RESPONSE 61
+ // SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
+ NULL, // 62
+ NULL, // SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
+ NULL, // SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
+ NULL, // SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
+ ssh_packet_userauth_gssapi_mic, // SSH2_MSG_USERAUTH_GSSAPI_MIC 66
+ NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, // 62-79
+ NULL, NULL, NULL, NULL, // 67-79
#ifdef WITH_SERVER
ssh_packet_global_request, // SSH2_MSG_GLOBAL_REQUEST 80
#else /* WITH_SERVER */