author | des <des@FreeBSD.org> | 2008-08-01 02:48:36 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2008-08-01 02:48:36 +0000 |
commit | b7aa600c416b507a21191efa2689c0a03031d58e (patch) | |
tree | ed813bdf7d8dbee35f19092d185e1a2793885204 /crypto/openssh/gss-serv.c | |
parent | a2326b0bec3be2ec01f66d386cfe43139cbc579c (diff) | |
parent | 8f6f5baf400f08937451cf9c8ecc220e9efd2f63 (diff) | |
download | FreeBSD-src-b7aa600c416b507a21191efa2689c0a03031d58e.zip FreeBSD-src-b7aa600c416b507a21191efa2689c0a03031d58e.tar.gz |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
Diffstat (limited to 'crypto/openssh/gss-serv.c')
-rw-r--r-- | crypto/openssh/gss-serv.c | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/crypto/openssh/gss-serv.c b/crypto/openssh/gss-serv.c
index e8191a8..2ec7ea1 100644
--- a/crypto/openssh/gss-serv.c
+++ b/crypto/openssh/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
 /*
 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -29,11 +29,13 @@
 #ifdef GSSAPI
 #include <sys/types.h>
+#include <sys/param.h>
 #include <stdarg.h>
 #include <string.h>
 #include <unistd.h>
+#include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "buffer.h"
 #include "key.h"
@@ -64,6 +66,53 @@ ssh_gssapi_mech* supported_mechs[]= {
 &gssapi_null_mech,
 };
+
+/*
+ * Acquire credentials for a server running on the current host.
+ * Requires that the context structure contains a valid OID
+ */
+
+/* Returns a GSSAPI error code */
+/* Privileged (called from ssh_gssapi_server_ctx) */
+static OM_uint32
+ssh_gssapi_acquire_cred(Gssctxt *ctx)
+{
+ OM_uint32 status;
+ char lname[MAXHOSTNAMELEN];
+ gss_OID_set oidset;
+
+ gss_create_empty_oid_set(&status, &oidset);
+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
+
+ if (gethostname(lname, MAXHOSTNAMELEN)) {
+ gss_release_oid_set(&status, &oidset);
+ return (-1);
+ }
+
+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+ gss_release_oid_set(&status, &oidset);
+ return (ctx->major);
+ }
+
+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+ ssh_gssapi_error(ctx);
+
+ gss_release_oid_set(&status, &oidset);
+ return (ctx->major);
+}
+
+/* Privileged */
+OM_uint32
+ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
+{
+ if (*ctx)
+ ssh_gssapi_delete_ctx(ctx);
+ ssh_gssapi_build_ctx(ctx);
+ ssh_gssapi_set_oid(*ctx, oid);
+ return (ssh_gssapi_acquire_cred(*ctx));
+}
+
 /* Unprivileged */
 void
 ssh_gssapi_supported_oids(gss_OID_set *oidset) |
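Review bot: In the added ssh_gssapi_acquire_cred, the gethostname() failure path returns `(-1)` from a function declared OM_uint32 and documented as "Returns a GSSAPI error code", and it leaves ctx->major untouched, so a caller that later reports the failure through ssh_gssapi_error(ctx) prints whatever major status was previously stored; setting `ctx->major = GSS_S_FAILURE;` and returning it keeps the contract the comment states. The results of gss_create_empty_oid_set() and gss_add_oid_set_member() are also ignored, so a failed insert silently hands an empty OID set to gss_acquire_cred(); guarding the second call with `if (GSS_ERROR(gss_add_oid_set_member(&status, ctx->oid, &oidset))) { gss_release_oid_set(&status, &oidset); return (GSS_S_FAILURE); }` makes that failure visible instead of producing a credential for no mechanism. Since gethostname() is not guaranteed to NUL-terminate a truncated name, a `lname[sizeof(lname) - 1] = '\0';` before ssh_gssapi_import_name() is a cheap safeguard against passing an unterminated buffer on. ssh_gssapi_supported_oids begins on the hunk's last lines and continues outside it.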