Diffstat (limited to 'auth2-gss.c')
-rw-r--r--auth2-gss.c41
1 files changed, 15 insertions, 26 deletions
diff --git a/auth2-gss.c b/auth2-gss.c
index f72a3899..75eb4e3a 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.34 2023/03/31 04:22:27 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.36 2024/05/17 04:42:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -51,6 +51,7 @@
#define SSH_GSSAPI_MAX_MECHS 2048
extern ServerOptions options;
+extern struct authmethod_cfg methodcfg_gssapi;
static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh);
static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh);
@@ -116,7 +117,7 @@ userauth_gssapi(struct ssh *ssh, const char *method)
return (0);
}
- if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
+ if (GSS_ERROR(mm_ssh_gssapi_server_ctx(&ctxt, &goid))) {
if (ctxt != NULL)
ssh_gssapi_delete_ctx(&ctxt);
free(doid);
@@ -153,7 +154,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
size_t len;
int r;
- if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ if (authctxt == NULL)
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
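Review bot: The fatal() text under the new check still reads "No authentication or GSSAPI context", but only `authctxt` is tested now, so `gssctxt = authctxt->methoddata` may be NULL when it is later passed to `mm_ssh_gssapi_accept_ctx()`. That is presumably intended, with the monitor holding the real context and rejecting a token that arrives without one, but nothing in this file says so. I would add a comment above the assignment such as `/* methoddata may be NULL here; the monitor owns and validates the GSSAPI context */` and shorten the message to `fatal("No authentication context");`. The same check and message recur in the input_gssapi_errtok, input_gssapi_exchange_complete and input_gssapi_mic hunks. The body of input_gssapi_token continues outside this hunk.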
@@ -163,8 +164,8 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
recv_tok.value = p;
recv_tok.length = len;
- maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
- &send_tok, &flags));
+ maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
+ &send_tok, &flags);
free(p);
@@ -217,7 +218,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
u_char *p;
size_t len;
- if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ if (authctxt == NULL)
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
@@ -228,8 +229,8 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
recv_tok.length = len;
/* Push the error token into GSSAPI to see what it says */
- maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
- &send_tok, NULL));
+ maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
+ &send_tok, NULL);
free(recv_tok.value);
@@ -254,9 +255,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
{
Authctxt *authctxt = ssh->authctxt;
int r, authenticated;
- const char *displayname;
- if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ if (authctxt == NULL)
fatal("No authentication or GSSAPI context");
/*
@@ -267,11 +267,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
if ((r = sshpkt_get_end(ssh)) != 0)
fatal_fr(r, "parse packet");
- authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
-
- if ((!use_privsep || mm_is_monitor()) &&
- (displayname = ssh_gssapi_displayname()) != NULL)
- auth2_record_info(authctxt, "%s", displayname);
+ authenticated = mm_ssh_gssapi_userok(authctxt->user);
authctxt->postponed = 0;
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
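Review bot: With the `auth2_record_info(authctxt, "%s", displayname)` call removed, nothing in input_gssapi_exchange_complete records which GSSAPI principal authenticated, and that name is what ties a successful login to an identity in the authentication log. Presumably the monitor-side handler behind `mm_ssh_gssapi_userok()` now records it, but that is not visible in this file, so it is worth confirming. A comment above the call would make it explicit, e.g. `/* principal name is recorded by the monitor on success */`. The same removal appears in the second input_gssapi_mic hunk. The function continues outside this hunk.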
@@ -290,11 +286,10 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
int r, authenticated = 0;
struct sshbuf *b;
gss_buffer_desc mic, gssbuf;
- const char *displayname;
u_char *p;
size_t len;
- if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ if (authctxt == NULL)
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
@@ -312,18 +307,14 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
fatal_f("sshbuf_mutable_ptr failed");
gssbuf.length = sshbuf_len(b);
- if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
- authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
+ if (!GSS_ERROR(mm_ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))
+ authenticated = mm_ssh_gssapi_userok(authctxt->user);
else
logit("GSSAPI MIC check failed");
sshbuf_free(b);
free(mic.value);
- if ((!use_privsep || mm_is_monitor()) &&
- (displayname = ssh_gssapi_displayname()) != NULL)
- auth2_record_info(authctxt, "%s", displayname);
-
authctxt->postponed = 0;
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
@@ -334,10 +325,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
}
Authmethod method_gssapi = {
- "gssapi-with-mic",
- NULL,
+ &methodcfg_gssapi,
userauth_gssapi,
- &options.gss_authentication
};
#endif /* GSSAPI */
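Review bot: The `method_gssapi` initializer no longer references `&options.gss_authentication`, so the on/off switch for this method must now be reached through `methodcfg_gssapi`, whose definition is not part of this diff. It is worth confirming that the config object still points at that option, since otherwise gssapi-with-mic could be offered while it is disabled in the server configuration. A short comment on the initializer, e.g. `/* method name and enable flag live in methodcfg_gssapi */`, would make the link visible to the next reader.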