-rw-r--r-- | examples/samplesshd-cb.c | 7 | ||||
-rw-r--r-- | include/libssh/libssh.h | 1 | ||||
-rw-r--r-- | include/libssh/server.h | 2 | ||||
-rw-r--r-- | src/gssapi.c | 15 |
4 files changed, 24 insertions, 1 deletions
diff --git a/examples/samplesshd-cb.c b/examples/samplesshd-cb.c index 8790226e..e6651550 100644 --- a/examples/samplesshd-cb.c +++ b/examples/samplesshd-cb.c @@ -61,8 +61,15 @@ static int auth_password(ssh_session session, const char *user, } static int auth_gssapi_mic(ssh_session session, const char *user, void *userdata){ + ssh_gssapi_creds creds = ssh_gssapi_get_creds(session); + (void)userdata; + printf("Authenticating used %s with gssapi\n",user); + if (creds != NULL) + printf("Received some gssapi credentials\n"); + else + printf("Not received any forwardable creds\n"); printf("authenticated\n"); authenticated = 1; return SSH_AUTH_SUCCESS; diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h index 790a5abb..880c9d6f 100644 --- a/include/libssh/libssh.h +++ b/include/libssh/libssh.h @@ -115,6 +115,7 @@ typedef struct ssh_scp_struct* ssh_scp; typedef struct ssh_session_struct* ssh_session; typedef struct ssh_string_struct* ssh_string; typedef struct ssh_event_struct* ssh_event; +typedef void* ssh_gssapi_creds; /* Socket type */ #ifdef _WIN32 diff --git a/include/libssh/server.h b/include/libssh/server.h index 28be4596..0c318cbb 100644 --- a/include/libssh/server.h +++ b/include/libssh/server.h @@ -238,6 +238,8 @@ LIBSSH_API int ssh_bind_accept(ssh_bind ssh_bind_o, ssh_session session); LIBSSH_API int ssh_bind_accept_fd(ssh_bind ssh_bind_o, ssh_session session, socket_t fd); +LIBSSH_API ssh_gssapi_creds ssh_gssapi_get_creds(ssh_session session); + /** * @brief Handles the key exchange and set up encryption * diff --git a/src/gssapi.c b/src/gssapi.c index 23f2e3ad..64e08ac3 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -26,6 +26,7 @@ #include "libssh/crypto.h" #include "libssh/callbacks.h" #include "libssh/string.h" +#include "libssh/server.h" #include <gssapi.h> 
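Review bot: The new log line in auth_gssapi_mic reads `Authenticating used %s with gssapi`, where "used" looks like a typo for "user"; suggest `printf("Authenticating user %s with gssapi\n", user);`. The added `if (creds != NULL)` / `else` pair is unbraced, which is easy to break when a second statement is added to either arm, so braces on both would be safer. Since this is sample code that gets copied, a short comment above the `creds` line would help, e.g. `/* Delegated client credential: lets the server act as the client, so handle it as a secret. */`. Who releases the handle is not visible in this hunk.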
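Review bot: `typedef void* ssh_gssapi_creds;` makes the new handle a plain `void *`, so any pointer converts to it silently and the compiler cannot catch a wrong argument, unlike the neighbouring handles that point to named structs (`ssh_scp`, `ssh_session`, `ssh_string`, `ssh_event`). If the public header must not include the GSSAPI headers, an incomplete struct type would keep the handle opaque and still type-checked, for example `typedef struct ssh_gssapi_creds_struct* ssh_gssapi_creds;` (struct name constructed for this note, not taken from the patch). At minimum, add a comment saying what the handle is, such as `/* Opaque GSSAPI credential handle; the value is a gss_cred_id_t */`.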
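Review bot: The `ssh_gssapi_get_creds` prototype is added to server.h without any comment, while the declaration that follows it opens with a Doxygen block. A caller reading only the header needs to know that the result can be NULL and that it is a delegated client credential; a line such as `/* Returns the client's delegated GSSAPI credentials, or NULL if none were forwarded. */` would cover it. The prototype is also unconditional, whereas the definition in src/gssapi.c sits inside the block closed by `#endif /* SERVER */`. If libssh can be built without GSSAPI support, the symbol would presumably be declared but not defined, so a guard or a stub returning NULL may be needed; the build configuration is not visible here.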
@@ -402,7 +403,19 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic){ return SSH_PACKET_USED; } -#endif +/** @brief returns the client credentials of the connected client. + * If the client has given a forwardable token, the SSH server will + * retrieve it. + * @returns gssapi credentials handle. + * @returns NULL if no forwardable token is available. + */ +LIBSSH_API ssh_gssapi_creds ssh_gssapi_get_creds(ssh_session session){ + if (!session || !session->gssapi || session->gssapi->client_creds == GSS_C_NO_CREDENTIAL) + return NULL; + return (ssh_gssapi_creds)session->gssapi->client_creds; +} + +#endif /* SERVER */ static int ssh_gssapi_send_auth_mic(ssh_session session, ssh_string *oid_set, int n_oid){ ssh_string str; |
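Review bot: ssh_gssapi_get_creds returns the session's own `client_creds` handle, and the doc comment does not say who owns it or how long it stays valid. A delegated credential lets its holder act as the client towards other services, so a caller that releases it, or keeps it after the session is freed, risks a double release or a dangling handle; how the session releases the credential is outside this hunk. Once that is confirmed, extend the comment with a sentence along the lines of `The handle remains owned by the session; do not release it and do not use it after ssh_free().`. The two `@returns` lines could be merged into one, and the `if` would be safer with braces.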