In a previous refactoring patch, the code underpinning the
ssh_gssapi_set_creds() API was inadvertently removed. This patch
fixes the problem.
Also clarify what variable holds which credentials and insure that
credentials created within the library are propelry freed.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
- Properly acquire and inquitre credentials to get the list of available
credentials.
- Avoid enforcing a specific username it breaks some use cases (k5login).
- Remove confusing references to delegated credentials as there is no code
that actually uses delegated credentials in the initialization case.
Signed-off-by: Siom Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
For integration with an external mainloop, we need to know how to
replicate libssh's internal poll() calls. We originally through
ssh_get_status() was that API, but it's not really - those flags only
get updated from the *result* of a poll(), where what we really need
is to know how libssh would *start* a poll().
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Otherwise applications providing their own fd end up tripping an
assertion, since the session is just in _CONNECTING.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
When the public key auth handler is executed and returns SSH_OK,
ssh_execute_server_callbacks() still runs some client callbacks,
which may set rc to SSH_AGAIN, which triggers a default reply on
auth, denying auth.
Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The code is careful to reenable compression when rekeying.
Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Per RFC 4252, it is required to send back only one of either
SSH_MSG_USERAUTH_PK_OK or SSH_MSG_USERAUTH_FAILURE for public
key probes.
Update the handling of 'auth_pubkey_function' to send back PK_OK
instead of SSH_MSG_USERAUTH_SUCCESS for the case that the state
of the message at hand is SSH_PUBLICKEY_STATE_NONE.
With this change, it is now possible to process an initial key probe
and then subsequent signature validation using the server callbacks.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Balance 'ssh_event_add_fd' with 'ssh_event_remove_fd' in 'ssh_select'.
BUG: https://red.libssh.org/issues/128
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
