authorDamien Miller <djm@mindrot.org>2003-11-17 22:18:21 +1100
committerDamien Miller <djm@mindrot.org>2003-11-17 22:18:21 +1100
commit0425d40194f36c57423c014b0730a9d344dbe019 (patch)
tree537527b6d0092152ee9f0c4ad01ea4bb41d8c271 /sshconnect2.c
parentc756e9b56e5b4649f120c417eb9bc99cf23db10f (diff)
- markus@cvs.openbsd.org 2003/11/17 11:06:07
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h sshconnect2.c ssh-gss.h] replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.
Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c36
1 files changed, 29 insertions, 7 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 388a2574..f6368aad 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.131 2003/11/17 09:45:39 djm Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.132 2003/11/17 11:06:07 markus Exp $");
#include "openbsd-compat/sys-queue.h"
@@ -222,7 +222,7 @@ static char *authmethods_get(void);
Authmethod authmethods[] = {
#ifdef GSSAPI
- {"gssapi",
+ {"gssapi-with-mic",
userauth_gssapi,
&options.gss_authentication,
NULL},
@@ -543,10 +543,12 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt = authctxt->methoddata;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
- OM_uint32 status, ms;
+ gss_buffer_desc gssbuf, mic;
+ OM_uint32 status, ms, flags;
+ Buffer b;
status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
- recv_tok, &send_tok, NULL);
+ recv_tok, &send_tok, &flags);
if (send_tok.length > 0) {
if (GSS_ERROR(status))
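Review bot: `mic` and `flags` are declared without initializers, unlike `send_tok` two lines above, and both are read in the next hunk: `flags & GSS_C_INTEG_FLAG` selects the MIC or non-MIC path, and `gss_release_buffer(&ms, &mic)` runs even when `ssh_gssapi_sign` reports an error. Whether `ssh_gssapi_init_ctx` and `ssh_gssapi_sign` always store through these pointers is not visible here, so I would write `gss_buffer_desc gssbuf, mic = GSS_C_EMPTY_BUFFER;` and `OM_uint32 status, ms, flags = 0;`. The body of process_gssapi_token starts before this hunk and continues past it.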
@@ -560,9 +562,29 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
}
if (status == GSS_S_COMPLETE) {
- /* If that succeeded, send a exchange complete message */
- packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
- packet_send();
+ /* send either complete or MIC, depending on mechanism */
+ if (!(flags & GSS_C_INTEG_FLAG)) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
+ packet_send();
+ } else {
+ ssh_gssapi_buildmic(&b, authctxt->server_user,
+ authctxt->service, "gssapi-with-mic");
+
+ gssbuf.value = buffer_ptr(&b);
+ gssbuf.length = buffer_len(&b);
+
+ status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
+
+ if (!GSS_ERROR(status)) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC);
+ packet_put_string(mic.value, mic.length);
+
+ packet_send();
+ }
+
+ buffer_free(&b);
+ gss_release_buffer(&ms, &mic);
+ }
}
return status;
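Review bot: When `ssh_gssapi_sign` fails, the new `else` branch sends no packet and logs nothing, so the exchange stops with no trace of the cause; the error status is returned, but how the caller reacts is outside this hunk. An `else debug("ssh_gssapi_sign failed");` on `if (!GSS_ERROR(status))` would make that path diagnosable. The comment above the branch could also state what is at stake, e.g. `/* no integrity support: plain completion, not protected by a MIC over user/service/method */`. The literal "gssapi-with-mic" passed to `ssh_gssapi_buildmic` repeats the `authmethods[]` entry; since it is part of the signed data the two must stay identical, and a shared constant would keep them in step.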