gss-clnt.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include "includes.h"
#ifdef GSSAPI
#pragma ident "%Z%%M% %I% %E% SMI"
#include "ssh.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "compat.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "compat.h"
#include "monitor_wrap.h"
#include <netdb.h>
#include "ssh-gss.h"
void
{
}
void
{
int i;
if (!mechs)
return;
debug("No GSS-API mechanisms are installed");
return;
}
debug("Failed to allocate resources (%s) for GSS-API",
return;
}
debug("Failed to acquire GSS-API credentials for any "
"mechanisms (%s)",
return;
}
if (ssh_gssapi_is_spnego(mech))
continue;
if (!ctxt)
continue;
/*
* This is useful for mechs like Kerberos, which can
* detect unknown target princs here, but not for
* mechs like SPKM, which cannot detect unknown princs
* until context tokens are actually exchanged.
*
* 'Twould be useful to have a test that could save us
* the bother of trying this for SPKM and the such...
*/
debug("Skipping GSS-API mechanism %s (%s)",
continue;
}
debug("Failed to allocate resources (%s) for GSS-API",
}
}
/* Wrapper to init_sec_context
* Requires that the context contains:
* oid
* server name (from ssh_gssapi_import_name)
*/
{
if (deleg_creds) {
debug("Delegating GSS-API credentials");
}
/* Build target principal */
0, /* default lifetime */
NULL, /* no channel bindings */
NULL, /* actual mech type */
NULL); /* actual lifetime */
}
#endif /* GSSAPI */