if (ctx->client_creds)
debug("Received some client credentials");
- else
+ else if (ctx->major == GSS_S_COMPLETE)
debug("Got no client credentials");
status = ctx->major;
debug("No suitable client data");
return 0;
}
- if (GSS_ERROR(gss_userok(&lmin, gssapi_client.name, user, &userok)) ||
- userok == 0) {
+
+ userok = gss_userok(gssapi_client.name, user);
+ if (userok) {
+ gssapi_client.used = 1;
+ gssapi_client.store.owner = pw;
+ } else {
/* Destroy delegated credentials if userok fails */
gss_release_buffer(&lmin, &gssapi_client.displayname);
gss_release_buffer(&lmin, &gssapi_client.exportedname);
gss_release_name(&lmin, &gssapi_client.name);
gss_release_cred(&lmin, &gssapi_client.creds);
memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
- return 0;
- }
-
- if (userok) {
- gssapi_client.used = 1;
- gssapi_client.store.owner = pw;
}
return (userok);
}
-#endif
+/* Priviledged */
+OM_uint32
+ssh_gssapi_localname(char **user)
+{
+ OM_uint32 major_status, lmin;
+ uid_t uid;
+ struct passwd *pw;
+
+ major_status = gss_pname_to_uid(&lmin, gssapi_client.name,
+ GSS_C_NO_OID, &uid);
+ if (GSS_ERROR(major_status))
+ return (major_status);
+
+ pw = getpwuid(uid);
+ if (pw == NULL)
+ return (GSS_S_BAD_NAME);
+
+ *user = xstrdup(pw->pw_name);
+
+ return (GSS_S_COMPLETE);
+}
+#endif /* GSSAPI */
projects / openssh.git / blobdiff