diff options
| author | djm <djm> | 2003-11-17 10:20:18 +0000 |
|---|---|---|
| committer | djm <djm> | 2003-11-17 10:20:18 +0000 |
| commit | 831d03f401ffaf588ea423fdcaf09eabc7d326c4 (patch) | |
| tree | 0950d3f251a7b5b2dbe068b2200fa050cd5a1472 /sshconnect2.c | |
| parent | 6c4e0418fd4b49f6edea58d63a9e2d1ffc3541ce (diff) | |
| download | openssh-831d03f401ffaf588ea423fdcaf09eabc7d326c4.tar.gz | |
- markus@cvs.openbsd.org 2003/11/14 13:19:09
[sshconnect2.c]
cleanup and minor fixes for the client code; from Simon Wilkinson
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 80 |
1 files changed, 36 insertions, 44 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index f991f81d..045f3081 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.129 2003/11/02 11:01:03 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.130 2003/11/14 13:19:09 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -537,15 +537,44 @@ userauth_gssapi(Authctxt *authctxt) return 1; } +static OM_uint32 +process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) +{ + Authctxt *authctxt = ctxt; + Gssctxt *gssctxt = authctxt->methoddata; + gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; + OM_uint32 status, ms; + + status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, + recv_tok, &send_tok, NULL); + + if (send_tok.length > 0) { + if (GSS_ERROR(status)) + packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); + else + packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); + + packet_put_string(send_tok.value, send_tok.length); + packet_send(); + gss_release_buffer(&ms, &send_tok); + } + + if (status == GSS_S_COMPLETE) { + /* If that succeeded, send a exchange complete message */ + packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); + packet_send(); + } + + return status; +} + void input_gssapi_response(int type, u_int32_t plen, void *ctxt) { Authctxt *authctxt = ctxt; Gssctxt *gssctxt; - OM_uint32 status, ms; int oidlen; char *oidv; - gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); @@ -557,9 +586,9 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) if (oidlen <= 2 || oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen - 2) { + xfree(oidv); debug("Badly encoded mechanism OID received"); userauth(authctxt, NULL); - xfree(oidv); return; } @@ -570,76 +599,39 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) xfree(oidv); - status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, - GSS_C_NO_BUFFER, &send_tok, NULL); - if (GSS_ERROR(status)) { - if (send_tok.length > 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); - } + if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { /* Start again with next method on list */ debug("Trying to start again"); userauth(authctxt, NULL); return; } - - /* We must have data to send */ - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); } void input_gssapi_token(int type, u_int32_t plen, void *ctxt) { Authctxt *authctxt = ctxt; - Gssctxt *gssctxt; - gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; - OM_uint32 status, ms; + OM_uint32 status; u_int slen; if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); - gssctxt = authctxt->methoddata; recv_tok.value = packet_get_string(&slen); recv_tok.length = slen; /* safe typecast */ packet_check_eom(); - status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, - &recv_tok, &send_tok, NULL); + status = process_gssapi_token(ctxt, &recv_tok); xfree(recv_tok.value); if (GSS_ERROR(status)) { - if (send_tok.length > 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); - } /* Start again with the next method in the list */ userauth(authctxt, NULL); return; } - - if (send_tok.length > 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); - } - - if (status == GSS_S_COMPLETE) { - /* If that succeeded, send a exchange complete message */ - packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); - packet_send(); - } } void |