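/* Privileged (called from accept_secure_ctx) */
/*
 * Fill in the per-connection client record from an established GSSAPI
 * context: look the negotiated mechanism OID up in supported_mechs, record
 * the peer's display name and exported (canonical) name, and take over
 * whatever delegated credentials the context holds.
 *
 * ctx    - established server-side context; ctx->oid, ctx->client and
 *          ctx->client_creds are read, ctx->major/ctx->minor are updated.
 * client - record to populate (mech, displayname, exportedname, creds).
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_FAILURE when ctx->oid matches no
 * supported mechanism, or the failing GSS major status (after
 * ssh_gssapi_error() has logged it) for the GSS library calls.
 *
 * Fix: the buffer returned by gss_export_name() was never handed back to
 * the library, leaking one exported-name buffer per authenticated client.
 * It is now released on both the success and the parse-failure path.
 */
OM_uint32
ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
{
	gss_buffer_desc ename = GSS_C_EMPTY_BUFFER;
	OM_uint32 release_minor;
	int i;

	/*
	 * Find the mechanism the context was established with.  The scan
	 * deliberately runs over the whole table (no early break), so a
	 * later duplicate OID entry would win; this matches the original.
	 */
	client->mech = NULL;
	for (i = 0; supported_mechs[i]->name != NULL; i++) {
		if (supported_mechs[i]->oid.length == ctx->oid->length &&
		    memcmp(supported_mechs[i]->oid.elements,
		    ctx->oid->elements, ctx->oid->length) == 0)
			client->mech = supported_mechs[i];
	}
	if (client->mech == NULL)
		return GSS_S_FAILURE;

	/* Human-readable name, used for logging/authorization messages. */
	if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
	    &client->displayname, NULL))) {
		ssh_gssapi_error(ctx);
		return (ctx->major);
	}

	/* Canonical exported name; ename is GSS-allocated and must be freed. */
	if ((ctx->major = gss_export_name(&ctx->minor, ctx->client,
	    &ename))) {
		ssh_gssapi_error(ctx);
		return (ctx->major);
	}

	ctx->major = ssh_gssapi_parse_ename(ctx, &ename,
	    &client->exportedname);
	/*
	 * Release the exported-name buffer whatever the parse outcome.  A
	 * scratch minor status is used so ctx->minor, which a caller may want
	 * to report on failure, is not overwritten by the release call.
	 * NOTE(review): assumes ssh_gssapi_parse_ename() copies rather than
	 * aliases ename on the failure path as well -- confirm.
	 */
	gss_release_buffer(&release_minor, &ename);
	if (ctx->major)
		return (ctx->major);

	/*
	 * gss_cred_id_t is opaque and cannot be copied, so ownership of the
	 * delegated credentials moves to the client record and the context's
	 * reference is cleared so it no longer owns them.
	 */
	client->creds = ctx->client_creds;
	ctx->client_creds = GSS_C_NO_CREDENTIAL;

	return (ctx->major);
}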
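/* Privileged (called from accept_secure_ctx) */
/*
 * Fill in (or, after a GSSAPI rekey, refresh) the per-connection client
 * record from an established GSSAPI context.
 *
 * Rekey path (options.gss_store_rekey set, record already in use, context
 * carrying delegated credentials): the new credentials are accepted only if
 * they are for the same mechanism and the same principal as the ones
 * already stored; then the stored name/credentials are replaced and
 * client->updated is set so they get exported later.  A mismatch is not an
 * error: the function returns GSS_S_COMPLETE and leaves the record (and
 * ctx->client_creds) untouched.
 *
 * First-use path: look the mechanism OID up in supported_mechs, record the
 * credential's principal name (only when credentials were delegated), the
 * display name and the exported name, and take over the delegated
 * credentials.
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_FAILURE when ctx->oid matches no
 * supported mechanism, or the failing GSS major status (after
 * ssh_gssapi_error() has logged it) for GSS library calls.
 *
 * Fix: on the first-use path the gss_export_name() buffer was only released
 * when ssh_gssapi_parse_ename() succeeded; it is now released on the
 * failure path too.
 */
OM_uint32
ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
{
	gss_buffer_desc ename = GSS_C_EMPTY_BUFFER;
	gss_name_t new_name = GSS_C_NO_NAME;
	OM_uint32 release_minor;
	int equal = 0;
	int i;

	if (options.gss_store_rekey && client->used && ctx->client_creds) {
		/*
		 * client->mech was set by the first-use path; client->used
		 * presumably guarantees that (dereferenced here without a
		 * NULL check, as in the original) -- verify against caller.
		 */
		if (client->mech->oid.length != ctx->oid->length ||
		    memcmp(client->mech->oid.elements, ctx->oid->elements,
		    ctx->oid->length) != 0) {
			debug("Rekeyed credentials have different mechanism");
			return GSS_S_COMPLETE;
		}

		if ((ctx->major = gss_inquire_cred_by_mech(&ctx->minor,
		    ctx->client_creds, ctx->oid, &new_name,
		    NULL, NULL, NULL))) {
			ssh_gssapi_error(ctx);
			return (ctx->major);
		}

		/*
		 * Security check: never let a rekey swap in credentials for a
		 * different principal than the one that authenticated.
		 * NOTE(review): client->name is only filled in on the
		 * first-use path when credentials were delegated; if they were
		 * not, it may still be GSS_C_NO_NAME here and gss_compare_name()
		 * would report an error rather than "not equal" -- confirm the
		 * caller tolerates that.
		 */
		ctx->major = gss_compare_name(&ctx->minor, client->name,
		    new_name, &equal);
		if (GSS_ERROR(ctx->major)) {
			ssh_gssapi_error(ctx);
			return (ctx->major);
		}
		if (!equal) {
			debug("Rekeyed credentials have different name");
			return GSS_S_COMPLETE;
		}

		debug("Marking rekeyed credentials for export");

		/* Drop the previously stored name/credentials before the swap. */
		gss_release_name(&ctx->minor, &client->name);
		gss_release_cred(&ctx->minor, &client->creds);
		client->name = new_name;
		client->creds = ctx->client_creds;
		ctx->client_creds = GSS_C_NO_CREDENTIAL;
		client->updated = 1;
		return GSS_S_COMPLETE;
	}

	/*
	 * First use: find the mechanism the context was established with.
	 * The scan runs over the whole table (no early break), so a later
	 * duplicate OID entry would win; this matches the original.
	 */
	client->mech = NULL;
	for (i = 0; supported_mechs[i]->name != NULL; i++) {
		if (supported_mechs[i]->oid.length == ctx->oid->length &&
		    memcmp(supported_mechs[i]->oid.elements,
		    ctx->oid->elements, ctx->oid->length) == 0)
			client->mech = supported_mechs[i];
	}
	if (client->mech == NULL)
		return GSS_S_FAILURE;

	/*
	 * Remember the principal the delegated credentials belong to, so a
	 * later rekey can be checked against it.  Without delegated
	 * credentials client->name is left as it was.
	 */
	if (ctx->client_creds &&
	    (ctx->major = gss_inquire_cred_by_mech(&ctx->minor,
	    ctx->client_creds, ctx->oid, &client->name,
	    NULL, NULL, NULL))) {
		ssh_gssapi_error(ctx);
		return (ctx->major);
	}

	/* Human-readable name, used for logging/authorization messages. */
	if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
	    &client->displayname, NULL))) {
		ssh_gssapi_error(ctx);
		return (ctx->major);
	}

	/* Canonical exported name; ename is GSS-allocated and must be freed. */
	if ((ctx->major = gss_export_name(&ctx->minor, ctx->client,
	    &ename))) {
		ssh_gssapi_error(ctx);
		return (ctx->major);
	}

	ctx->major = ssh_gssapi_parse_ename(ctx, &ename,
	    &client->exportedname);
	/*
	 * Release the exported-name buffer whatever the parse outcome.  A
	 * scratch minor status keeps ctx->minor intact for the failure
	 * return.  NOTE(review): assumes ssh_gssapi_parse_ename() does not
	 * retain pointers into ename when it fails -- confirm.
	 */
	gss_release_buffer(&release_minor, &ename);
	if (ctx->major)
		return (ctx->major);

	/*
	 * gss_cred_id_t is opaque and cannot be copied, so ownership of the
	 * delegated credentials moves to the client record and the context's
	 * reference is cleared so it no longer owns them.
	 */
	client->creds = ctx->client_creds;
	ctx->client_creds = GSS_C_NO_CREDENTIAL;

	return (ctx->major);
}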