author | Simo Sorce <simo@redhat.com> | 2013-11-15 10:02:48 -0500 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2013-11-15 16:19:28 +0100 |
commit | 440d2ec0eaa94299575229df7855746a2edc01e7 (patch) | |
tree | 250bc8dfac9006992ffcc54b5ff481c83920de3c /src | |
parent | 47e53deebd17ca931465512c1c1f27af8b219c12 (diff) | |
gssapi: Use GSSAPIClientIdentity to acquire creds
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/gssapi.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/src/gssapi.c b/src/gssapi.c index edcb66d4..32da941d 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -623,16 +623,32 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids) { OM_uint32 maj_stat, min_stat, lifetime; gss_OID_set actual_mechs; + gss_buffer_desc namebuf; + gss_name_t client_id = GSS_C_NO_NAME; gss_OID oid; unsigned int i; char *ptr; + int ret; - maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE, + if (session->opts.gss_client_identity != NULL) { + namebuf.value = (void *)session->opts.gss_client_identity; + namebuf.length = strlen(session->opts.gss_client_identity); + + maj_stat = gss_import_name(&min_stat, &namebuf, + GSS_C_NT_USER_NAME, &client_id); + if (GSS_ERROR(maj_stat)) { + ret = SSH_ERROR; + goto end; + } + } + + maj_stat = gss_acquire_cred(&min_stat, client_id, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE, &session->gssapi->client_creds, &actual_mechs, NULL); if (GSS_ERROR(maj_stat)) { - return SSH_ERROR; + ret = SSH_ERROR; + goto end; } gss_create_empty_oid_set(&min_stat, valid_oids); @@ -653,7 +669,11 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids) } } - return SSH_OK; + ret = SSH_OK; + +end: + gss_release_name(&min_stat, &client_id); + return ret; } /** |
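Review bot: The new `end:` label in the second hunk releases only `client_id`, while the `actual_mechs` set filled by `gss_acquire_cred()` in the first hunk has no release in either hunk. The lines between the two hunks are not shown, so this is a leak only if the elided loop does not free it. If it does not, the shared exit is the natural place: declare `gss_OID_set actual_mechs = GSS_C_NO_OID_SET;` so the early `goto end` after a failed `gss_import_name()` never releases an uninitialized set, and add `gss_release_oid_set(&min_stat, &actual_mechs);` next to the `gss_release_name()` call. Separately, both error paths return `SSH_ERROR` without recording the GSSAPI major status, and `min_stat` is then overwritten by the release at `end:`, so a mistyped or unavailable client identity fails with no diagnostic; logging the status before the jump would make that visible to whoever configured the identity.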