shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-06 10:27:22 +09:00
Code Issues Packages Projects Releases Wiki Activity
5,307 Commits 12 Branches 62 Tags
286a706394bccaabf47b2cf8b722df1fc28e3f08
Commit Graph

61 Commits

Author SHA1 Message Date
Andreas Schneider
b719f705c6 gssapi: Use SSH_BUFFER_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
3b8fcbad24 gssapi: Use SSH_STRING_FREE() 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
da81b99df1 gssapi: Make sure buffer is initialized 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
6b8ab4bcd2 SSH-01-006: Add missing NULL check in ssh_gssapi_handle_userauth() 
Fixes T193

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
af2ea417da SSH-01-006: Add missing NULL check in ssh_gssapi_handle_userauth() 
Fixes T193

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
c7172c183f SSH-01-006: Add missing NULL check in ssh_gssapi_build_mic() 
Fixes T193

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
33cca875c2 SSH-01-006: Add missing NULL check in ssh_gssapi_oid_from_string() 
Fixes T193

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
7588979977 SSH-01-006: Add missing ENOMEM check in ssh_gssapi_auth_mic() 
Fixes T193

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-12-09 16:08:03 +01:00
Andreas Schneider
643ca67f88 gssapi: Add missing malloc checks 
Fixes T141

Reported-By: Ramin Farajpour Cami
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-04-29 13:17:21 +02:00
Jakub Jelen
8e0c047031 packet: Introduce a new function to access crypto 
And remove most of the direct access to the structure throughout the code

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Meng Tan
bce8d56705 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID) 
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-26 07:28:20 +02:00
Andreas Schneider
7e5291668c gssapi: Check return code of gss_indicate_mechs() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Andreas Schneider
bb081f6681 gssapi: Ignore return codes of gss_release_buffer() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Anderson Toshiyuki Sasaki
5d7414467d CVE-2018-10933: Set correct state after sending MIC 
After sending the client token, the auth state is set as
SSH_AUTH_STATE_GSSAPI_MIC_SENT.  Then this can be expected to be the
state when a USERAUTH_FAILURE or USERAUTH_SUCCESS arrives.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:03 +02:00
Andreas Schneider
73c9d60e5a session: Group auth variables in a struct 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-27 09:30:24 +02:00
Andreas Schneider
64a354159f gssapi: Fix size types 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-22 08:54:59 +02:00
Anderson Toshiyuki Sasaki
18dd902307 gssapi: set error state when GSSAPI auth fails 
When errors occurred, the session auth state was not being updated,
leading to failures due to the wrong state in following authentication
methods.

Fixes T56

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-06 10:48:16 +02:00
Pino Toscano
67ffe26dea Remove extra newlines from log/error messages 
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-10-22 16:05:32 +02:00
Andreas Schneider
83421c0e8c gssapi: Use correct return code in ssh_gssapi_auth_mic() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-10-06 18:36:54 +02:00
Andreas Schneider
095733ed9c gssapi: Print minor stat in error logging function 
This also releases the memory allocated for the messages.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-10-06 18:22:26 +02:00
Fabiano Fidêncio
d1d003c232 buffer: use ssh_buffer_get() instead of ssh_buffer_get_begin() 
This commit is a preparatory stage for removing ssh_buffer_get_begin().
Note that removing ssh_buffer_get_begin() doesn't break API
compatibility, as this functions has never been exposed (it only has the
LIBSSH_API prefix).

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-01-19 11:31:08 +01:00
Fabiano Fidêncio
e368d01385 cleanup: use ssh_ prefix in the packet (non-static) functions 
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
adc8c20ac1 cleanup: use ssh_ prefix in the buffer (non-static) functions 
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-01-19 11:31:07 +01:00
Stef Walter
cd2dc3770a gssapi: ssh_gssapi_set_creds() is a client side function 
It should not be guarded by the WITH_SERVER #ifdef

Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-10-12 15:41:15 +02:00
Aris Adamantiadis
3703389feb buffers: adapt gssapi.c to ssh_buffer_(un)pack() 2014-08-06 09:46:14 +02:00
Andreas Schneider
cb9786b3ae src: Rename buffer_add_data() to ssh_buffer_add_data(). 2014-01-19 20:55:55 +01:00
Andreas Schneider
9c4144689d src: Rename buffer_init to ssh_buffer_init(). 2014-01-19 20:43:29 +01:00
Aris Adamantiadis
d8ead516de gssapi: fix logging 2013-11-18 15:11:26 +01:00
Simo Sorce
66e7e7023b gssapi: Fix support of delegated credentials 
In a previous refactoring patch, the code underpinning the
ssh_gssapi_set_creds() API was inadvertently removed. This patch
fixes the problem.

Also clarify what variable holds which credentials and insure that
credentials created within the library are propelry freed.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2013-11-15 23:32:20 -05:00
Simo Sorce
b4fc5d9524 gssapi: Add support for GSSAPIDelegateCredentials config option. 
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2013-11-15 16:53:59 -05:00
Andreas Schneider
c2312f9dda gssapi: Add error checks and cleanup the code in ssh_gssapi_auth_mic(). 2013-11-15 16:28:49 +01:00
Simo Sorce
440d2ec0ea gssapi: Use GSSAPIClientIdentity to acquire creds 
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2013-11-15 16:19:28 +01:00
Andreas Schneider
41d99d32e8 gssapi: Add suppport to set GSSAPI server identity. 2013-11-15 15:50:09 +01:00
Simo Sorce
c481f9dafd Fix gssapi credential handling. 
- Properly acquire and inquitre credentials to get the list of available
credentials.
- Avoid enforcing a specific username it breaks some use cases (k5login).
- Remove confusing references to delegated credentials as there is no code
that actually uses delegated credentials in the initialization case.

Signed-off-by: Siom Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2013-11-15 14:49:29 +01:00
Andreas Schneider
38420bff76 gssapi: Fix a build warning if we build without server support. 2013-07-25 10:01:38 +02:00
Andreas Schneider
6a83f9a044 gssapi: Fix include with Heimdal. 2013-07-24 20:41:41 +02:00
Andreas Schneider
e1280ce153 gssapi: Fix a memory leak in ssh_gssapi_auth_mic(). 
CID: 1046708
 2013-07-23 12:27:55 +02:00
Andreas Schneider
df81a05505 cmake: Check for unistd.h. 2013-07-23 10:44:51 +02:00
Andreas Schneider
d1bbc35f33 gssapi: Add brackets in ssh_packet_userauth_gssapi_mic(). 2013-07-21 11:03:00 +02:00
Andreas Schneider
f458055e9c gssapi: Cleanup ssh_gssapi_set_creds(). 2013-07-21 10:58:30 +02:00
Andreas Schneider
4103358daa gssapi: Replace printf with SSH_LOG. 2013-07-21 10:56:47 +02:00
Andreas Schneider
0138c9fd59 gssapi: Refactor ssh_gssapi_send_mic() to not leak memory. 
CID #0
 2013-07-14 15:02:05 +02:00
Andreas Schneider
831ed08a56 gssapi: Check return values of buffer functions. 
CID #0
 2013-07-14 15:02:02 +02:00
Andreas Schneider
1467e0782e gssapi: Remove dead code. 
CID #0
 2013-07-14 15:01:59 +02:00
Andreas Schneider
ecec2abfc7 gssapi: Refactor ssh_gssapi_build_mic() to avoid memory leaks. 
CID #0
 2013-07-14 15:01:57 +02:00
Andreas Schneider
8f0b6ccd66 gssapi: Fix a possible memory leak. 
CID #0
 2013-07-14 15:01:55 +02:00
Andreas Schneider
b4790fbdd2 gssapi: Fix a memory leak. 
CID #0
 2013-07-14 15:01:52 +02:00
Andreas Schneider
ebdd0c6ac1 src: Migrate to SSH_LOG. 2013-07-14 12:44:26 +02:00
Aris Adamantiadis
ad92740dc3 server: Fix compilation without WITH_SERVER 2013-07-14 09:30:59 +02:00
Aris Adamantiadis
c44029e5ce gssapi: Fix indentation. 
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2013-07-13 15:23:33 +02:00