authorAris Adamantiadis <aris@0xbadc0de.be>2013-03-04 18:48:39 +0100
committerAndreas Schneider <asn@cryptomilk.org>2013-07-13 14:50:56 +0200
commit65eccf19693dd2f6d4525062fdc04720f373af6f (patch)
tree092e145d1daa3623e7a291d4b0b49d4ecff46599
parentd9443104123614de9c071c748693edaef6ff7b73 (diff)
gssapi: retrieve forwarded (delegated) tickets
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--examples/samplesshd-cb.c7
-rw-r--r--include/libssh/libssh.h1
-rw-r--r--include/libssh/server.h2
-rw-r--r--src/gssapi.c15
4 files changed, 24 insertions, 1 deletions
diff --git a/examples/samplesshd-cb.c b/examples/samplesshd-cb.c
index 8790226e..e6651550 100644
--- a/examples/samplesshd-cb.c
+++ b/examples/samplesshd-cb.c
@@ -61,8 +61,15 @@ static int auth_password(ssh_session session, const char *user,
}
static int auth_gssapi_mic(ssh_session session, const char *user, void *userdata){
+ ssh_gssapi_creds creds = ssh_gssapi_get_creds(session);
+
(void)userdata;
+
printf("Authenticating used %s with gssapi\n",user);
+ if (creds != NULL)
+ printf("Received some gssapi credentials\n");
+ else
+ printf("Not received any forwardable creds\n");
printf("authenticated\n");
authenticated = 1;
return SSH_AUTH_SUCCESS;
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 790a5abb..880c9d6f 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -115,6 +115,7 @@ typedef struct ssh_scp_struct* ssh_scp;
typedef struct ssh_session_struct* ssh_session;
typedef struct ssh_string_struct* ssh_string;
typedef struct ssh_event_struct* ssh_event;
+typedef void* ssh_gssapi_creds;
/* Socket type */
#ifdef _WIN32
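Review bot: `typedef void* ssh_gssapi_creds;` gives up the type checking that the neighbouring handles get from their opaque struct pointers. Any object pointer converts to and from `void *` without a diagnostic, so a caller can hand the wrong handle to a GSS-API call and the compiler will not notice. Judging from the getter added in src/gssapi.c, the value is a GSS-API credential handle cast to this type. If the public header cannot pull in the GSS-API headers, the typedef should at least say what it holds, e.g. `/* opaque; holds a gss_cred_id_t, cast back before passing to GSS-API calls */`.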
diff --git a/include/libssh/server.h b/include/libssh/server.h
index 28be4596..0c318cbb 100644
--- a/include/libssh/server.h
+++ b/include/libssh/server.h
@@ -238,6 +238,8 @@ LIBSSH_API int ssh_bind_accept(ssh_bind ssh_bind_o, ssh_session session);
LIBSSH_API int ssh_bind_accept_fd(ssh_bind ssh_bind_o, ssh_session session,
socket_t fd);
+LIBSSH_API ssh_gssapi_creds ssh_gssapi_get_creds(ssh_session session);
+
/**
* @brief Handles the key exchange and set up encryption
*
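Review bot: The new `ssh_gssapi_get_creds()` prototype is exported unconditionally and has no Doxygen block, unlike the declaration that follows it. Its definition in src/gssapi.c sits in front of an `#endif /* SERVER */`, in a file that is presumably built only when GSS-API support is enabled. If so, an application that calls it against a build without GSS-API or server support fails at link time; either guard the declaration the same way or provide a stub that returns NULL. The doc comment written in gssapi.c would also serve API users better here, next to the declaration they read.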
diff --git a/src/gssapi.c b/src/gssapi.c
index 23f2e3ad..64e08ac3 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -26,6 +26,7 @@
#include "libssh/crypto.h"
#include "libssh/callbacks.h"
#include "libssh/string.h"
+#include "libssh/server.h"
#include <gssapi.h>
@@ -402,7 +403,19 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic){
return SSH_PACKET_USED;
}
-#endif
+/** @brief returns the client credentials of the connected client.
+ * If the client has given a forwardable token, the SSH server will
+ * retrieve it.
+ * @returns gssapi credentials handle.
+ * @returns NULL if no forwardable token is available.
+ */
+LIBSSH_API ssh_gssapi_creds ssh_gssapi_get_creds(ssh_session session){
+ if (!session || !session->gssapi || session->gssapi->client_creds == GSS_C_NO_CREDENTIAL)
+ return NULL;
+ return (ssh_gssapi_creds)session->gssapi->client_creds;
+}
+
+#endif /* SERVER */
static int ssh_gssapi_send_auth_mic(ssh_session session, ssh_string *oid_set, int n_oid){
ssh_string str;
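Review bot: The doc comment on `ssh_gssapi_get_creds()` does not say who owns the returned handle. The function returns `session->gssapi->client_creds` itself rather than a copy, so the caller appears to borrow a credential whose lifetime is tied to the session's gssapi state. I would add `@note The handle remains owned by the session; do not release it and do not use it after the session is freed.`, after confirming this against the cleanup code, which is outside this hunk. Since a delegated credential lets the server act as the user towards other services, the comment should also tell callers to use it only once the authentication callback has accepted the user. The two trailing context lines start ssh_gssapi_send_auth_mic, whose body continues outside the hunk.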