1 /* $OpenBSD: auth2-gss.c,v 1.36 2024/05/17 04:42:13 djm Exp $ */
4  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
48 #include "ssh-gss.h"
56 static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh);
57 static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh);
58 static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh);
59 static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
65 static int
68 	Authctxt *authctxt = ssh->authctxt;  in userauth_gssapi()
71 	int r, present;  in userauth_gssapi()
90 		mechs--;  in userauth_gssapi()
99 		    doid[1] == len - 2) {  in userauth_gssapi()
101 			goid.length   = len - 2;  in userauth_gssapi()
110 		authctxt->server_caused_failure = 1;  in userauth_gssapi()
114 	if (!authctxt->valid || authctxt->user == NULL) {  in userauth_gssapi()
124 		authctxt->server_caused_failure = 1;  in userauth_gssapi()
128 	authctxt->methoddata = (void *)ctxt;  in userauth_gssapi()
140 	authctxt->postponed = 1;  in userauth_gssapi()
145 static int
146 input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)  in input_gssapi_token()
148 	Authctxt *authctxt = ssh->authctxt;  in input_gssapi_token()
155 	int r;  in input_gssapi_token()
160 	gssctxt = authctxt->methoddata;  in input_gssapi_token()
181 		authctxt->postponed = 0;  in input_gssapi_token()
183 		userauth_finish(ssh, 0, "gssapi-with-mic", NULL);  in input_gssapi_token()
209 static int
210 input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)  in input_gssapi_errtok()
212 	Authctxt *authctxt = ssh->authctxt;  in input_gssapi_errtok()
217 	int r;  in input_gssapi_errtok()
224 	gssctxt = authctxt->methoddata;  in input_gssapi_errtok()
253 static int
254 input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)  in input_gssapi_exchange_complete()
256 	Authctxt *authctxt = ssh->authctxt;  in input_gssapi_exchange_complete()
257 	int r, authenticated;  in input_gssapi_exchange_complete()
270 	authenticated = mm_ssh_gssapi_userok(authctxt->user);  in input_gssapi_exchange_complete()
272 	authctxt->postponed = 0;  in input_gssapi_exchange_complete()
277 	userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL);  in input_gssapi_exchange_complete()
281 static int
282 input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)  in input_gssapi_mic()
284 	Authctxt *authctxt = ssh->authctxt;  in input_gssapi_mic()
286 	int r, authenticated = 0;  in input_gssapi_mic()
288 	gss_buffer_desc mic, gssbuf;  in input_gssapi_mic()  local
295 	gssctxt = authctxt->methoddata;  in input_gssapi_mic()
301 	mic.value = p;  in input_gssapi_mic()
302 	mic.length = len;  in input_gssapi_mic()
303 	ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,  in input_gssapi_mic()
304 	    "gssapi-with-mic", ssh->kex->session_id);  in input_gssapi_mic()
310 	if (!GSS_ERROR(mm_ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))  in input_gssapi_mic()
311 		authenticated = mm_ssh_gssapi_userok(authctxt->user);  in input_gssapi_mic()
313 		logit("GSSAPI MIC check failed");  in input_gssapi_mic()
316 	free(mic.value);  in input_gssapi_mic()
318 	authctxt->postponed = 0;  in input_gssapi_mic()
323 	userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL);  in input_gssapi_mic()