aboutsummaryrefslogtreecommitdiff
path: root/src/gssapi.c
AgeCommit message (Collapse)AuthorFilesLines
2019-01-09packet: Introduce a new function to access cryptoJakub Jelen1-4/+7
And remove most of the direct access to the structure throughout the code Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-26gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID)Meng Tan1-0/+1
Signed-off-by: Meng Tan <mtan@wallix.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24gssapi: Check return code of gss_indicate_mechs()Andreas Schneider1-0/+9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24gssapi: Ignore return codes of gss_release_buffer()Andreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-16CVE-2018-10933: Set correct state after sending MICAnderson Toshiyuki Sasaki1-1/+1
After sending the client token, the auth state is set as SSH_AUTH_STATE_GSSAPI_MIC_SENT. Then this can be expected to be the state when a USERAUTH_FAILURE or USERAUTH_SUCCESS arrives. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-27session: Group auth variables in a structAndreas Schneider1-7/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-22gssapi: Fix size typesAndreas Schneider1-4/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-06gssapi: set error state when GSSAPI auth failsAnderson Toshiyuki Sasaki1-19/+43
When errors occurred, the session auth state was not being updated, leading to failures due to the wrong state in following authentication methods. Fixes T56 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-22Remove extra newlines from log/error messagesPino Toscano1-2/+2
Signed-off-by: Pino Toscano <ptoscano@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-06gssapi: Use correct return code in ssh_gssapi_auth_mic()Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-10-06gssapi: Print minor stat in error logging functionAndreas Schneider1-17/+91
This also releases the memory allocated for the messages. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19buffer: use ssh_buffer_get() instead of ssh_buffer_get_begin()Fabiano Fidêncio1-3/+3
This commit is a preparatory stage for removing ssh_buffer_get_begin(). Note that removing ssh_buffer_get_begin() doesn't break API compatibility, as this functions has never been exposed (it only has the LIBSSH_API prefix). Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19cleanup: use ssh_ prefix in the packet (non-static) functionsFabiano Fidêncio1-7/+7
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19cleanup: use ssh_ prefix in the buffer (non-static) functionsFabiano Fidêncio1-7/+7
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-10-12gssapi: ssh_gssapi_set_creds() is a client side functionStef Walter1-2/+4
It should not be guarded by the WITH_SERVER #ifdef Signed-off-by: Stef Walter <stefw@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-08-06buffers: adapt gssapi.c to ssh_buffer_(un)pack()Aris Adamantiadis1-133/+47
2014-01-19src: Rename buffer_add_data() to ssh_buffer_add_data().Andreas Schneider1-1/+1
2014-01-19src: Rename buffer_init to ssh_buffer_init().Andreas Schneider1-1/+1
2013-11-18gssapi: fix loggingAris Adamantiadis1-14/+14
2013-11-15gssapi: Fix support of delegated credentialsSimo Sorce1-23/+37
In a previous refactoring patch, the code underpinning the ssh_gssapi_set_creds() API was inadvertently removed. This patch fixes the problem. Also clarify what variable holds which credentials and insure that credentials created within the library are propelry freed. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-15gssapi: Add support for GSSAPIDelegateCredentials config option.Simo Sorce1-0/+3
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-15gssapi: Add error checks and cleanup the code in ssh_gssapi_auth_mic().Andreas Schneider1-2/+13
2013-11-15gssapi: Use GSSAPIClientIdentity to acquire credsSimo Sorce1-3/+23
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-11-15gssapi: Add suppport to set GSSAPI server identity.Andreas Schneider1-1/+6
2013-11-15Fix gssapi credential handling.Simo Sorce1-105/+65
- Properly acquire and inquitre credentials to get the list of available credentials. - Avoid enforcing a specific username it breaks some use cases (k5login). - Remove confusing references to delegated credentials as there is no code that actually uses delegated credentials in the initialization case. Signed-off-by: Siom Sorce <simo@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-25gssapi: Fix a build warning if we build without server support.Andreas Schneider1-5/+1
2013-07-24gssapi: Fix include with Heimdal.Andreas Schneider1-1/+1
2013-07-23gssapi: Fix a memory leak in ssh_gssapi_auth_mic().Andreas Schneider1-0/+1
CID: 1046708
2013-07-23cmake: Check for unistd.h.Andreas Schneider1-12/+15
2013-07-21gssapi: Add brackets in ssh_packet_userauth_gssapi_mic().Andreas Schneider1-8/+15
2013-07-21gssapi: Cleanup ssh_gssapi_set_creds().Andreas Schneider1-6/+13
2013-07-21gssapi: Replace printf with SSH_LOG.Andreas Schneider1-2/+2
2013-07-14gssapi: Refactor ssh_gssapi_send_mic() to not leak memory.Andreas Schneider1-3/+21
CID #0
2013-07-14gssapi: Check return values of buffer functions.Andreas Schneider1-4/+14
CID #0
2013-07-14gssapi: Remove dead code.Andreas Schneider1-5/+0
CID #0
2013-07-14gssapi: Refactor ssh_gssapi_build_mic() to avoid memory leaks.Andreas Schneider1-10/+54
CID #0
2013-07-14gssapi: Fix a possible memory leak.Andreas Schneider1-3/+7
CID #0
2013-07-14gssapi: Fix a memory leak.Andreas Schneider1-1/+3
CID #0
2013-07-14src: Migrate to SSH_LOG.Andreas Schneider1-44/+44
2013-07-14server: Fix compilation without WITH_SERVERAris Adamantiadis1-1/+12
2013-07-13gssapi: Fix indentation.Aris Adamantiadis1-681/+681
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13gssapi: Fix ticket forwarding bugAris Adamantiadis1-12/+18
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13gssapi: Add user parameter to gssapi auth callbackAris Adamantiadis1-1/+2
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13gssapi: remove dead codeAris Adamantiadis1-29/+0
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13gssapi: gssapi callbacks serversideAris Adamantiadis1-15/+63
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13gssapi: more debug infoAris Adamantiadis1-4/+6
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13gssapi: implement ticket delegationAris Adamantiadis1-14/+38
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13gssapi: retrieve forwarded (delegated) ticketsAris Adamantiadis1-1/+14
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13auth: store client's credentialsAris Adamantiadis1-6/+7
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13auth: implement client-side gssapiAris Adamantiadis1-2/+394
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>