1 /* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */
4 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
45 #include "ssh-gss.h"
60 g->value = p; in ssh_gssapi_get_buffer_desc()
61 g->length = len; in ssh_gssapi_get_buffer_desc()
69 return (ctx != NULL && ctx->oid != GSS_C_NO_OID && in ssh_gssapi_check_oid()
70 ctx->oid->length == len && in ssh_gssapi_check_oid()
71 memcmp(ctx->oid->elements, data, len) == 0); in ssh_gssapi_check_oid()
78 if (ctx->oid != GSS_C_NO_OID) { in ssh_gssapi_set_oid_data()
79 free(ctx->oid->elements); in ssh_gssapi_set_oid_data()
80 free(ctx->oid); in ssh_gssapi_set_oid_data()
82 ctx->oid = xcalloc(1, sizeof(gss_OID_desc)); in ssh_gssapi_set_oid_data()
83 ctx->oid->length = len; in ssh_gssapi_set_oid_data()
84 ctx->oid->elements = xmalloc(len); in ssh_gssapi_set_oid_data()
85 memcpy(ctx->oid->elements, data, len); in ssh_gssapi_set_oid_data()
92 ssh_gssapi_set_oid_data(ctx, oid->elements, oid->length); in ssh_gssapi_set_oid()
121 *major_status = ctxt->major; in ssh_gssapi_last_error()
123 *minor_status = ctxt->minor; in ssh_gssapi_last_error()
128 gss_display_status(&lmin, ctxt->major, in ssh_gssapi_last_error()
129 GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg); in ssh_gssapi_last_error()
140 gss_display_status(&lmin, ctxt->minor, in ssh_gssapi_last_error()
141 GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg); in ssh_gssapi_last_error()
159 * of the data which both the client and server need to persist across
167 (*ctx)->context = GSS_C_NO_CONTEXT; in ssh_gssapi_build_ctx()
168 (*ctx)->name = GSS_C_NO_NAME; in ssh_gssapi_build_ctx()
169 (*ctx)->oid = GSS_C_NO_OID; in ssh_gssapi_build_ctx()
170 (*ctx)->creds = GSS_C_NO_CREDENTIAL; in ssh_gssapi_build_ctx()
171 (*ctx)->client = GSS_C_NO_NAME; in ssh_gssapi_build_ctx()
172 (*ctx)->client_creds = GSS_C_NO_CREDENTIAL; in ssh_gssapi_build_ctx()
183 if ((*ctx)->context != GSS_C_NO_CONTEXT) in ssh_gssapi_delete_ctx()
184 gss_delete_sec_context(&ms, &(*ctx)->context, GSS_C_NO_BUFFER); in ssh_gssapi_delete_ctx()
185 if ((*ctx)->name != GSS_C_NO_NAME) in ssh_gssapi_delete_ctx()
186 gss_release_name(&ms, &(*ctx)->name); in ssh_gssapi_delete_ctx()
187 if ((*ctx)->oid != GSS_C_NO_OID) { in ssh_gssapi_delete_ctx()
188 free((*ctx)->oid->elements); in ssh_gssapi_delete_ctx()
189 free((*ctx)->oid); in ssh_gssapi_delete_ctx()
190 (*ctx)->oid = GSS_C_NO_OID; in ssh_gssapi_delete_ctx()
192 if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) in ssh_gssapi_delete_ctx()
193 gss_release_cred(&ms, &(*ctx)->creds); in ssh_gssapi_delete_ctx()
194 if ((*ctx)->client != GSS_C_NO_NAME) in ssh_gssapi_delete_ctx()
195 gss_release_name(&ms, &(*ctx)->client); in ssh_gssapi_delete_ctx()
196 if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) in ssh_gssapi_delete_ctx()
197 gss_release_cred(&ms, &(*ctx)->client_creds); in ssh_gssapi_delete_ctx()
217 debug("Delegating credentials"); in ssh_gssapi_init_ctx()
220 ctx->major = gss_init_sec_context(&ctx->minor, in ssh_gssapi_init_ctx()
221 GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, in ssh_gssapi_init_ctx()
225 if (GSS_ERROR(ctx->major)) in ssh_gssapi_init_ctx()
228 return (ctx->major); in ssh_gssapi_init_ctx()
242 if ((ctx->major = gss_import_name(&ctx->minor, in ssh_gssapi_import_name()
243 &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) in ssh_gssapi_import_name()
247 return (ctx->major); in ssh_gssapi_import_name()
253 if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, in ssh_gssapi_sign()
257 return (ctx->major); in ssh_gssapi_sign()
283 if (oid->length == spnego_oid.length && in ssh_gssapi_check_mechanism()
284 (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0)) in ssh_gssapi_check_mechanism()
294 if ((*ctx)->context != GSS_C_NO_CONTEXT) in ssh_gssapi_check_mechanism()
295 gss_delete_sec_context(&minor, &(*ctx)->context, in ssh_gssapi_check_mechanism()