gssapi: Add user parameter to gssapi auth callback
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
родитель
0356b78ede
Коммит
0d1ec1fa48
@ -170,13 +170,17 @@ typedef int (*ssh_auth_none_callback) (ssh_session session, const char *user, vo
|
|||||||
/**
|
/**
|
||||||
* @brief SSH authentication callback. Tries to authenticates user with the "gssapi-with-mic" method
|
* @brief SSH authentication callback. Tries to authenticates user with the "gssapi-with-mic" method
|
||||||
* @param session Current session handler
|
* @param session Current session handler
|
||||||
* @param user Authenticated login of the user, including realm.
|
* @param user Username of the user (can be spoofed)
|
||||||
|
* @param principal Authenticated principal of the user, including realm.
|
||||||
* @param userdata Userdata to be passed to the callback function.
|
* @param userdata Userdata to be passed to the callback function.
|
||||||
* @returns SSH_AUTH_OK Authentication is accepted.
|
* @returns SSH_AUTH_OK Authentication is accepted.
|
||||||
* @returns SSH_AUTH_PARTIAL Partial authentication, more authentication means are needed.
|
* @returns SSH_AUTH_PARTIAL Partial authentication, more authentication means are needed.
|
||||||
* @returns SSH_AUTH_DENIED Authentication failed.
|
* @returns SSH_AUTH_DENIED Authentication failed.
|
||||||
|
* @warning Implementations should verify that parameter user matches in some way the principal.
|
||||||
|
* user and principal can be different. Only the latter is guaranteed to be safe.
|
||||||
*/
|
*/
|
||||||
typedef int (*ssh_auth_gssapi_mic_callback) (ssh_session session, const char *user, void *userdata);
|
typedef int (*ssh_auth_gssapi_mic_callback) (ssh_session session, const char *user, const char *principal,
|
||||||
|
void *userdata);
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -424,7 +424,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic){
|
|||||||
|
|
||||||
if (ssh_callbacks_exists(session->server_callbacks, auth_gssapi_mic_function)){
|
if (ssh_callbacks_exists(session->server_callbacks, auth_gssapi_mic_function)){
|
||||||
switch(session->server_callbacks->auth_gssapi_mic_function(session,
|
switch(session->server_callbacks->auth_gssapi_mic_function(session,
|
||||||
session->gssapi->canonic_user, session->server_callbacks->userdata)){
|
session->gssapi->user, session->gssapi->canonic_user,
|
||||||
|
session->server_callbacks->userdata)){
|
||||||
case SSH_AUTH_SUCCESS:
|
case SSH_AUTH_SUCCESS:
|
||||||
ssh_auth_reply_success(session, 0);
|
ssh_auth_reply_success(session, 0);
|
||||||
break;
|
break;
|
||||||
|
Загрузка…
Ссылка в новой задаче
Block a user