-rw-r--r--include/libssh/libssh.h3
-rw-r--r--include/libssh/session.h1
-rw-r--r--src/gssapi.c7
-rw-r--r--src/options.c18
-rw-r--r--src/session.c1
5 files changed, 28 insertions, 2 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index f1b9fd8c..25923e13 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -331,7 +331,8 @@ enum ssh_options_e {
SSH_OPTIONS_COMPRESSION,
SSH_OPTIONS_COMPRESSION_LEVEL,
SSH_OPTIONS_KEY_EXCHANGE,
- SSH_OPTIONS_HOSTKEYS
+ SSH_OPTIONS_HOSTKEYS,
+ SSH_OPTIONS_GSSAPI_SERVER_IDENTITY
};
enum {
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 281c7c66..d3ca4086 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -183,6 +183,7 @@ struct ssh_session_struct {
int ssh2;
int ssh1;
char compressionlevel;
+ char *gss_server_identity;
} opts;
};
diff --git a/src/gssapi.c b/src/gssapi.c
index a0ab3646..edcb66d4 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -672,12 +672,17 @@ int ssh_gssapi_auth_mic(ssh_session session){
OM_uint32 maj_stat, min_stat;
char name_buf[256];
gss_buffer_desc hostname;
+ const char *gss_host = session->opts.host;
if (ssh_gssapi_init(session) == SSH_ERROR)
return SSH_AUTH_ERROR;
+ if (session->opts.gss_server_identity != NULL) {
+ gss_host = session->opts.gss_server_identity;
+ }
/* import target host name */
- snprintf(name_buf, sizeof(name_buf), "host@%s", session->opts.host);
+ snprintf(name_buf, sizeof(name_buf), "host@%s", gss_host);
+
hostname.value = name_buf;
hostname.length = strlen(name_buf) + 1;
maj_stat = gss_import_name(&min_stat, &hostname,
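Review bot: The `snprintf` into `name_buf[256]` is not checked for truncation, and `gss_host` can now come from a caller-supplied `gss_server_identity` whose length is not bounded in the options.c hunk. An over-long value would be cut silently, so `gss_import_name` would receive a different `host@...` name than the one configured. The result should be tested, for example `rc = snprintf(name_buf, sizeof(name_buf), "host@%s", gss_host);` followed by `if (rc < 0 || (size_t)rc >= sizeof(name_buf)) return SSH_AUTH_ERROR;`. The same check would also cover a long `session->opts.host`. The body of ssh_gssapi_auth_mic continues past this hunk, so whether a suitable `int` local already exists is not visible here.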
diff --git a/src/options.c b/src/options.c
index e02ad4df..d43e25d4 100644
--- a/src/options.c
+++ b/src/options.c
@@ -367,6 +367,10 @@ int ssh_options_set_algo(ssh_session session, int algo,
* Set the command to be executed in order to connect to
* server (const char *).
*
+ * - SSH_OPTIONS_GSSAPI_SERVER_IDENTITY
+ * Set it to specify the GSSAPI server identity that libssh
+ * should expect when connecting to the server (const char *).
+ *
* @param value The value to set. This is a generic pointer and the
* datatype which is used should be set according to the
* type set.
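Review bot: The new option text does not say what form the value takes or what happens when the option is left unset. Going by the gssapi.c hunk in this commit, the string replaces the host part of `host@<value>` and `session->opts.host` is used when it is NULL. The comment could read `Set the host name used to build the GSSAPI target name "host@<name>"; when unset, the value of SSH_OPTIONS_HOST is used (const char *).` The phrase "should expect" reads like a check on the server's identity. If the option only selects the target name the client requests a context for, as the visible code suggests, saying so would stop callers from assuming more than it provides.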
@@ -792,6 +796,20 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
}
}
break;
+ case SSH_OPTIONS_GSSAPI_SERVER_IDENTITY:
+ v = value;
+ if (v == NULL || v[0] == '\0') {
+ ssh_set_error_invalid(session);
+ return -1;
+ } else {
+ SAFE_FREE(session->opts.gss_server_identity);
+ session->opts.gss_server_identity = strdup(v);
+ if (session->opts.gss_server_identity == NULL) {
+ ssh_set_error_oom(session);
+ return -1;
+ }
+ }
+ break;
default:
ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
return -1;
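Review bot: In the `SSH_OPTIONS_GSSAPI_SERVER_IDENTITY` case the previous identity is freed before `strdup(v)` is known to have succeeded, so an allocation failure leaves `gss_server_identity` NULL. A caller that continues after the -1 would then have the target name in gssapi.c fall back to `session->opts.host` instead of the identity it set earlier. Duplicating first keeps the old value intact on failure: `char *copy = strdup(v);`, then the NULL check on `copy`, and only then `SAFE_FREE(session->opts.gss_server_identity); session->opts.gss_server_identity = copy;`. This case is also a natural place to reject values too long for the 256-byte `name_buf` used in ssh_gssapi_auth_mic. The rest of ssh_options_set lies outside this hunk.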
diff --git a/src/session.c b/src/session.c
index 72c186e5..d0691106 100644
--- a/src/session.c
+++ b/src/session.c
@@ -265,6 +265,7 @@ void ssh_free(ssh_session session) {
SAFE_FREE(session->opts.sshdir);
SAFE_FREE(session->opts.knownhosts);
SAFE_FREE(session->opts.ProxyCommand);
+ SAFE_FREE(session->opts.gss_server_identity);
for (i = 0; i < 10; i++) {
if (session->opts.wanted_methods[i]) {