- markus@cvs.openbsd.org 2003/11/14 13:19:09

[sshconnect2.c] cleanup and minor fixes for the client code; from Simon Wilkinson
2003-11-17 21:20:18 +11:00 · 2003-11-17 21:20:18 +11:00 · 91c6aa4468
parent fe44847cb8
commit 91c6aa4468
2 changed files with 40 additions and 45 deletions
--- a/5
+++ b/5
@ -37,6 +37,9 @@
   - jmc@cvs.openbsd.org 2003/11/12 20:14:51
     [ssh_config.5]
     make verb agree with subject, and kill some whitespace;
+   - markus@cvs.openbsd.org 2003/11/14 13:19:09
+     [sshconnect2.c]
+     cleanup and minor fixes for the client code; from Simon Wilkinson

 20031115
 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@ -1457,4 +1460,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au

-$Id: ChangeLog,v 1.3107 2003/11/17 10:19:49 djm Exp $
+$Id: ChangeLog,v 1.3108 2003/11/17 10:20:18 djm Exp $
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.129 2003/11/02 11:01:03 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.130 2003/11/14 13:19:09 markus Exp $");

 #include "openbsd-compat/sys-queue.h"

@ -537,15 +537,44 @@ userauth_gssapi(Authctxt *authctxt)
 	return 1;
 }

+static OM_uint32
+process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
+{
+	Authctxt *authctxt = ctxt;
+	Gssctxt *gssctxt = authctxt->methoddata;
+	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+	OM_uint32 status, ms;
+	
+	status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
+	    recv_tok, &send_tok, NULL);
+
+	if (send_tok.length > 0) {
+		if (GSS_ERROR(status))
+			packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
+		else
+			packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
+			
+		packet_put_string(send_tok.value, send_tok.length);
+		packet_send();
+		gss_release_buffer(&ms, &send_tok);
+	}
+	
+	if (status == GSS_S_COMPLETE) {
+		/* If that succeeded, send a exchange complete message */
+		packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
+		packet_send();
+	}
+	
+	return status;
+}
+
 void
 input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
 	Gssctxt *gssctxt;
-	OM_uint32 status, ms;
 	int oidlen;
 	char *oidv;
-	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;

 	if (authctxt == NULL)
 		fatal("input_gssapi_response: no authentication context");
@ -557,9 +586,9 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 	if (oidlen <= 2 ||
 	    oidv[0] != SSH_GSS_OIDTYPE ||
 	    oidv[1] != oidlen - 2) {
+		xfree(oidv);
 		debug("Badly encoded mechanism OID received");
 		userauth(authctxt, NULL);
-		xfree(oidv);
 		return;
 	}

@ -570,76 +599,39 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)

 	xfree(oidv);

-	status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
-	    GSS_C_NO_BUFFER, &send_tok, NULL);
-	if (GSS_ERROR(status)) {
-		if (send_tok.length > 0) {
-			packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
-			packet_put_string(send_tok.value, send_tok.length);
-			packet_send();
-			gss_release_buffer(&ms, &send_tok);
-		}
+	if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
 		/* Start again with next method on list */
 		debug("Trying to start again");
 		userauth(authctxt, NULL);
 		return;
 	}
-
-	/* We must have data to send */
-	packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
-	packet_put_string(send_tok.value, send_tok.length);
-	packet_send();
-	gss_release_buffer(&ms, &send_tok);
 }

 void
 input_gssapi_token(int type, u_int32_t plen, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
-	Gssctxt *gssctxt;
-	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 	gss_buffer_desc recv_tok;
-	OM_uint32 status, ms;
+	OM_uint32 status;
 	u_int slen;

 	if (authctxt == NULL)
 		fatal("input_gssapi_response: no authentication context");
-	gssctxt = authctxt->methoddata;

 	recv_tok.value = packet_get_string(&slen);
 	recv_tok.length = slen;	/* safe typecast */

 	packet_check_eom();

-	status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
-	    &recv_tok, &send_tok, NULL);
+	status = process_gssapi_token(ctxt, &recv_tok);

 	xfree(recv_tok.value);

 	if (GSS_ERROR(status)) {
-		if (send_tok.length > 0) {
-			packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
-			packet_put_string(send_tok.value, send_tok.length);
-			packet_send();
-			gss_release_buffer(&ms, &send_tok);
-		}
 		/* Start again with the next method in the list */
 		userauth(authctxt, NULL);
 		return;
 	}
-
-	if (send_tok.length > 0) {
-		packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
-		packet_put_string(send_tok.value, send_tok.length);
-		packet_send();
-		gss_release_buffer(&ms, &send_tok);
-	}
-
-	if (status == GSS_S_COMPLETE) {
-		/* If that succeeded, send a exchange complete message */
-		packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
-		packet_send();
-	}
 }

 void