-rw-r--r-- | include/libssh/libssh.h | 3 | ||||
-rw-r--r-- | include/libssh/session.h | 1 | ||||
-rw-r--r-- | src/gssapi.c | 7 | ||||
-rw-r--r-- | src/options.c | 18 | ||||
-rw-r--r-- | src/session.c | 1 |
5 files changed, 28 insertions, 2 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h index f1b9fd8c..25923e13 100644 --- a/include/libssh/libssh.h +++ b/include/libssh/libssh.h @@ -331,7 +331,8 @@ enum ssh_options_e { SSH_OPTIONS_COMPRESSION, SSH_OPTIONS_COMPRESSION_LEVEL, SSH_OPTIONS_KEY_EXCHANGE, - SSH_OPTIONS_HOSTKEYS + SSH_OPTIONS_HOSTKEYS, + SSH_OPTIONS_GSSAPI_SERVER_IDENTITY }; enum { diff --git a/include/libssh/session.h b/include/libssh/session.h index 281c7c66..d3ca4086 100644 --- a/include/libssh/session.h +++ b/include/libssh/session.h @@ -183,6 +183,7 @@ struct ssh_session_struct { int ssh2; int ssh1; char compressionlevel; + char *gss_server_identity; } opts; }; diff --git a/src/gssapi.c b/src/gssapi.c index a0ab3646..edcb66d4 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -672,12 +672,17 @@ int ssh_gssapi_auth_mic(ssh_session session){ OM_uint32 maj_stat, min_stat; char name_buf[256]; gss_buffer_desc hostname; + const char *gss_host = session->opts.host; if (ssh_gssapi_init(session) == SSH_ERROR) return SSH_AUTH_ERROR; + if (session->opts.gss_server_identity != NULL) { + gss_host = session->opts.gss_server_identity; + } /* import target host name */ - snprintf(name_buf, sizeof(name_buf), "host@%s", session->opts.host); + snprintf(name_buf, sizeof(name_buf), "host@%s", gss_host); + hostname.value = name_buf; hostname.length = strlen(name_buf) + 1; maj_stat = gss_import_name(&min_stat, &hostname, diff --git a/src/options.c b/src/options.c index e02ad4df..d43e25d4 100644 --- a/src/options.c +++ b/src/options.c @@ -367,6 +367,10 @@ int ssh_options_set_algo(ssh_session session, int algo, * Set the command to be executed in order to connect to * server (const char *). * + * - SSH_OPTIONS_GSSAPI_SERVER_IDENTITY + * Set it to specify the GSSAPI server identity that libssh + * should expect when connecting to the server (const char *). + * * @param value The value to set. This is a generic pointer and the * datatype which is used should be set according to the * type set. 
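Review bot: In the `src/gssapi.c` hunk the result of `snprintf` into the 256-byte `name_buf` is not checked, so an over-long `gss_server_identity` is silently truncated and `gss_import_name` receives a target name other than the one the application configured. This string names the acceptor the client authenticates to, so failing is safer than continuing with a shortened name: with an `int rc` local, `rc = snprintf(name_buf, sizeof(name_buf), "host@%s", gss_host);` followed by `if (rc < 0 || (size_t)rc >= sizeof(name_buf)) return SSH_AUTH_ERROR;`. The same truncation was possible with `session->opts.host` before this commit, but the new option makes the value directly caller-supplied. `ssh_gssapi_auth_mic` continues past the end of the hunk, so the later use of `hostname` is not visible here.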
@@ -792,6 +796,20 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type, } } break; + case SSH_OPTIONS_GSSAPI_SERVER_IDENTITY: + v = value; + if (v == NULL || v[0] == '\0') { + ssh_set_error_invalid(session); + return -1; + } else { + SAFE_FREE(session->opts.gss_server_identity); + session->opts.gss_server_identity = strdup(v); + if (session->opts.gss_server_identity == NULL) { + ssh_set_error_oom(session); + return -1; + } + } + break; default: ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type); return -1; diff --git a/src/session.c b/src/session.c index 72c186e5..d0691106 100644 --- a/src/session.c +++ b/src/session.c @@ -265,6 +265,7 @@ void ssh_free(ssh_session session) { SAFE_FREE(session->opts.sshdir); SAFE_FREE(session->opts.knownhosts); SAFE_FREE(session->opts.ProxyCommand); + SAFE_FREE(session->opts.gss_server_identity); for (i = 0; i < 10; i++) { if (session->opts.wanted_methods[i]) { |
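Review bot: In the `SSH_OPTIONS_GSSAPI_SERVER_IDENTITY` case the old value is released with `SAFE_FREE` before `strdup` is known to have succeeded, so an allocation failure leaves `session->opts.gss_server_identity` NULL. Going by the `src/gssapi.c` hunk, a later `ssh_gssapi_auth_mic` call on that session would then fall back to `session->opts.host` instead of the identity the application had pinned. Duplicating into a temporary first and swapping only on success keeps the earlier value intact on error. The doc comment added in the first `src/options.c` hunk could also state that NULL and the empty string are rejected, which means the option cannot be cleared once set. The enclosing `ssh_options_set` starts and ends outside the hunk.

```c
        case SSH_OPTIONS_GSSAPI_SERVER_IDENTITY:
            /* … unchanged: v = value; NULL / empty-string check … */
            } else {
                char *identity = strdup(v);
                if (identity == NULL) {
                    ssh_set_error_oom(session);
                    return -1;
                }
                /* replace the stored identity only once the copy exists */
                SAFE_FREE(session->opts.gss_server_identity);
                session->opts.gss_server_identity = identity;
            }
            break;
```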