From 440d2ec0eaa94299575229df7855746a2edc01e7 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 15 Nov 2013 10:02:48 -0500 Subject: [PATCH] gssapi: Use GSSAPIClientIdentity to acquire creds Signed-off-by: Simo Sorce Reviewed-by: Andreas Schneider --- src/gssapi.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/src/gssapi.c b/src/gssapi.c index edcb66d4..32da941d 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -623,16 +623,32 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids) { OM_uint32 maj_stat, min_stat, lifetime; gss_OID_set actual_mechs; + gss_buffer_desc namebuf; + gss_name_t client_id = GSS_C_NO_NAME; gss_OID oid; unsigned int i; char *ptr; + int ret; - maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE, + if (session->opts.gss_client_identity != NULL) { + namebuf.value = (void *)session->opts.gss_client_identity; + namebuf.length = strlen(session->opts.gss_client_identity); + + maj_stat = gss_import_name(&min_stat, &namebuf, + GSS_C_NT_USER_NAME, &client_id); + if (GSS_ERROR(maj_stat)) { + ret = SSH_ERROR; + goto end; + } + } + + maj_stat = gss_acquire_cred(&min_stat, client_id, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE, &session->gssapi->client_creds, &actual_mechs, NULL); if (GSS_ERROR(maj_stat)) { - return SSH_ERROR; + ret = SSH_ERROR; + goto end; } gss_create_empty_oid_set(&min_stat, valid_oids); @@ -653,7 +669,11 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids) } } - return SSH_OK; + ret = SSH_OK; + +end: + gss_release_name(&min_stat, &client_id); + return ret; } /**