From 8b2d7742b7e0485c4ee3cf099b08b2e7e26a9b09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20R.=20Sede=C3=B1o?= Date: Sat, 6 Feb 2010 17:19:16 -0500 Subject: [PATCH 05/13] Split ssh_gss_* from implementation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rename common ssh gssapi functions: ssh_gss_* → ssh_gssapi_* Add function pointers for ssh_gss_* funtions, and include them in the Recipe. Other, misc related changes. --- Recipe | 2 +- pgssapi.c | 2 +- pgssapi.h | 1 + sshgss.c | 6 +++++ sshgss.h | 70 +++++++++++++++++++++++++++++++++++++++++++++++---------- sshgssc.c | 68 +++++++++++++++++++++++++++----------------------------- sshgssc.h | 41 ++++++++++++++++++++++++++++++++- unix/uxgss.c | 4 +++ 8 files changed, 142 insertions(+), 52 deletions(-) create mode 100644 sshgss.c diff --git a/Recipe b/Recipe index 4c9b117..e203e31 100644 --- a/Recipe +++ b/Recipe @@ -261,7 +261,7 @@ NONSSH = telnet raw rlogin ldisc pinger SSH = ssh sshcrc sshdes sshmd5 sshrsa sshrand sshsha sshblowf + sshdh sshcrcda sshpubk sshzlib sshdss x11fwd portfwd + sshaes sshsh256 sshsh512 sshbn wildcard pinger ssharcf - + sshgssc pgssapi + + sshgss sshgssc pgssapi WINSSH = SSH winnoise winpgntc wingss UXSSH = SSH uxnoise uxagentc uxgss MACSSH = SSH macnoise diff --git a/pgssapi.c b/pgssapi.c index bd74f73..4a6e4bf 100644 --- a/pgssapi.c +++ b/pgssapi.c @@ -96,6 +96,6 @@ const_gss_OID GSS_C_NT_EXPORT_NAME = oids+6; static gss_OID_desc gss_mech_krb5_desc = { 9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; /* iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) krb5(2)*/ -static gss_OID const gss_mech_krb5 = &gss_mech_krb5_desc; +const_gss_OID GSS_MECH_KRB5 = &gss_mech_krb5_desc; #endif /*NO_GSSAPI */ diff --git a/pgssapi.h b/pgssapi.h index 85cb79d..cd929cb 100644 --- a/pgssapi.h +++ b/pgssapi.h @@ -280,6 +280,7 @@ extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; extern const_gss_OID GSS_C_NT_HOSTBASED_SERVICE; extern const_gss_OID GSS_C_NT_ANONYMOUS; extern const_gss_OID GSS_C_NT_EXPORT_NAME; +extern const_gss_OID GSS_MECH_KRB5; #endif /* NO_GSSAPI */ diff --git a/sshgss.c b/sshgss.c new file mode 100644 index 0000000..ccb6376 --- /dev/null +++ b/sshgss.c @@ -0,0 +1,6 @@ +#include "putty.h" + +/* Define function pointers for generic GSSAPI functionality. */ + +#define SSH_GSS_DEFINE_FN +#include "sshgss.h" diff --git a/sshgss.h b/sshgss.h index 2115cb1..454b9dd 100644 --- a/sshgss.h +++ b/sshgss.h @@ -1,4 +1,7 @@ +#ifndef PUTTY_SSHGSS_H +#define PUTTY_SSHGSS_H #include "puttyps.h" +#include "pgssapi.h" #define SSH2_GSS_OIDTYPE 0x06 typedef void *Ssh_gss_ctx; @@ -18,7 +21,26 @@ typedef enum Ssh_gss_stat { (*buf).value = NULL; \ } while (0) -/* Functions, provided by either wingss.c or uxgss.c */ +typedef gss_buffer_desc Ssh_gss_buf; +typedef gss_name_t Ssh_gss_name; + +/* Functions, provided by either wingss.c or sshgssc.c */ + +/* SSH_GSS_DEFINE_FN is defined in sshgss.c, or below, and nowhere + * else. sshgss.c's definition is blank, so it actually defines the + * function pointers; everywhere else they are just externs. + */ +#ifndef SSH_GSS_DEFINE_FN +#define SSH_GSS_DEFINE_FN extern +#endif + + +#define DECL_SSH_GSS_FN(rettype, name, params) \ + typedef rettype (*t_##name) params; \ + SSH_GSS_DEFINE_FN t_##name name + +#define BIND_SSH_GSS_FN(name, type) \ + ssh_gss_##name = ssh_##type##_##name /* * Do startup-time initialisation for using GSSAPI. (On Windows, @@ -37,27 +59,35 @@ int ssh_gss_init(void); * Fills in buf with a string describing the GSSAPI mechanism in * use. buf->data is not dynamically allocated. */ -Ssh_gss_stat ssh_gss_indicate_mech(Ssh_gss_buf *buf); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_indicate_mech, + (Ssh_gss_buf *buf)); /* * Converts a name such as a hostname into a GSSAPI internal form, * which is placed in "out". The result should be freed by * ssh_gss_release_name(). */ -Ssh_gss_stat ssh_gss_import_name(char *in, Ssh_gss_name *out); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_import_name, + (char *in, Ssh_gss_name *out)); /* * Frees the contents of an Ssh_gss_name structure filled in by * ssh_gss_import_name(). */ -Ssh_gss_stat ssh_gss_release_name(Ssh_gss_name *name); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_release_name, + (Ssh_gss_name *name)); /* * The main GSSAPI security context setup function. The "out" * parameter will need to be freed by ssh_gss_free_tok. */ -Ssh_gss_stat ssh_gss_init_sec_context(Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate, - Ssh_gss_buf *in, Ssh_gss_buf *out); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_init_sec_context, + (Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate, + Ssh_gss_buf *in, Ssh_gss_buf *out)); /* * Frees the contents of an Ssh_gss_buf filled in by @@ -66,26 +96,34 @@ Ssh_gss_stat ssh_gss_init_sec_context(Ssh_gss_ctx *ctx, Ssh_gss_name name, int d * different free function) or something filled in by any other * way. */ -Ssh_gss_stat ssh_gss_free_tok(Ssh_gss_buf *); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_free_tok, + (Ssh_gss_buf *)); /* * Acquires the credentials to perform authentication in the first * place. Needs to be freed by ssh_gss_release_cred(). */ -Ssh_gss_stat ssh_gss_acquire_cred(Ssh_gss_ctx *); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_acquire_cred, + (Ssh_gss_ctx *)); /* * Frees the contents of an Ssh_gss_ctx filled in by * ssh_gss_acquire_cred(). */ -Ssh_gss_stat ssh_gss_release_cred(Ssh_gss_ctx *); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_release_cred, + (Ssh_gss_ctx *)); /* * Gets a MIC for some input data. "out" needs to be freed by * ssh_gss_free_mic(). */ -Ssh_gss_stat ssh_gss_get_mic(Ssh_gss_ctx ctx, Ssh_gss_buf *in, - Ssh_gss_buf *out); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_get_mic, + (Ssh_gss_ctx ctx, Ssh_gss_buf *in, + Ssh_gss_buf *out)); /* * Frees the contents of an Ssh_gss_buf filled in by @@ -94,7 +132,9 @@ Ssh_gss_stat ssh_gss_get_mic(Ssh_gss_ctx ctx, Ssh_gss_buf *in, * different free function) or something filled in by any other * way. */ -Ssh_gss_stat ssh_gss_free_mic(Ssh_gss_buf *); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_free_mic, + (Ssh_gss_buf *)); /* * Return an error message after authentication failed. The @@ -103,4 +143,8 @@ Ssh_gss_stat ssh_gss_free_mic(Ssh_gss_buf *); * containing one more character which is a trailing NUL. * buf->data should be manually freed by the caller. */ -Ssh_gss_stat ssh_gss_display_status(Ssh_gss_ctx, Ssh_gss_buf *buf); +DECL_SSH_GSS_FN(Ssh_gss_stat, + ssh_gss_display_status, + (Ssh_gss_ctx, Ssh_gss_buf *buf)); + +#endif /*PUTTY_SSHGSS_H*/ diff --git a/sshgssc.c b/sshgssc.c index b64e8d8..6c1be5b 100644 --- a/sshgssc.c +++ b/sshgssc.c @@ -7,31 +7,29 @@ #include "sshgss.h" #include "misc.h" -typedef struct gssapi_ssh_gss_ctx { - OM_uint32 maj_stat; - OM_uint32 min_stat; - gss_ctx_id_t ctx; -} gssapi_ssh_gss_ctx; - -#if 0 -int ssh_gss_init(void) +void ssh_gssapi_bind_fns(void) { - /* Dynamically load gssapi lib here. */ - /* Bind function pointers here. */ - return 0; + BIND_SSH_GSS_FN(indicate_mech, gssapi); + BIND_SSH_GSS_FN(import_name, gssapi); + BIND_SSH_GSS_FN(release_name, gssapi); + BIND_SSH_GSS_FN(init_sec_context, gssapi); + BIND_SSH_GSS_FN(free_tok, gssapi); + BIND_SSH_GSS_FN(acquire_cred, gssapi); + BIND_SSH_GSS_FN(release_cred, gssapi); + BIND_SSH_GSS_FN(get_mic, gssapi); + BIND_SSH_GSS_FN(free_mic, gssapi); + BIND_SSH_GSS_FN(display_status, gssapi); } -#endif -Ssh_gss_stat ssh_gss_indicate_mech(Ssh_gss_buf *mech) +Ssh_gss_stat ssh_gssapi_indicate_mech(Ssh_gss_buf *mech) { /* Copy constant into mech */ - mech->length = putty_gss_mech_krb5->length; - mech->value = putty_gss_mech_krb5->elements; - + mech->length = GSS_MECH_KRB5->length; + mech->value = GSS_MECH_KRB5->elements; return SSH_GSS_OK; } -Ssh_gss_stat ssh_gss_import_name(char *host, +Ssh_gss_stat ssh_gssapi_import_name(char *host, Ssh_gss_name *srv_name) { OM_uint32 min_stat,maj_stat; @@ -51,7 +49,7 @@ Ssh_gss_stat ssh_gss_import_name(char *host, return SSH_GSS_FAILURE; } -Ssh_gss_stat ssh_gss_acquire_cred(Ssh_gss_ctx *ctx) +Ssh_gss_stat ssh_gssapi_acquire_cred(Ssh_gss_ctx *ctx) { gssapi_ssh_gss_ctx *gssctx = snew(gssapi_ssh_gss_ctx); @@ -62,11 +60,11 @@ Ssh_gss_stat ssh_gss_acquire_cred(Ssh_gss_ctx *ctx) return SSH_GSS_OK; } -Ssh_gss_stat ssh_gss_init_sec_context(Ssh_gss_ctx *ctx, - Ssh_gss_name srv_name, - int to_deleg, - Ssh_gss_buf *recv_tok, - Ssh_gss_buf *send_tok) +Ssh_gss_stat ssh_gssapi_init_sec_context(Ssh_gss_ctx *ctx, + Ssh_gss_name srv_name, + int to_deleg, + Ssh_gss_buf *recv_tok, + Ssh_gss_buf *send_tok) { gssapi_ssh_gss_ctx *gssctx = (gssapi_ssh_gss_ctx*) *ctx; OM_uint32 ret_flags; @@ -76,7 +74,7 @@ Ssh_gss_stat ssh_gss_init_sec_context(Ssh_gss_ctx *ctx, GSS_C_NO_CREDENTIAL, &gssctx->ctx, srv_name, - (gss_OID) putty_gss_mech_krb5, + (gss_OID) GSS_MECH_KRB5, GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | to_deleg, 0, @@ -92,7 +90,7 @@ Ssh_gss_stat ssh_gss_init_sec_context(Ssh_gss_ctx *ctx, return SSH_GSS_FAILURE; } -Ssh_gss_stat ssh_gss_display_status(Ssh_gss_ctx ctx, Ssh_gss_buf *buf) +Ssh_gss_stat ssh_gssapi_display_status(Ssh_gss_ctx ctx, Ssh_gss_buf *buf) { gssapi_ssh_gss_ctx *gssctx = (gssapi_ssh_gss_ctx *) ctx; OM_uint32 lmin,lmax; @@ -105,13 +103,13 @@ Ssh_gss_stat ssh_gss_display_status(Ssh_gss_ctx ctx, Ssh_gss_buf *buf) /* get first mesg from GSS */ ccc=0; - lmax=gss_display_status(&lmin,gssctx->maj_stat,GSS_C_GSS_CODE,(gss_OID) putty_gss_mech_krb5,&ccc,&msg_maj); + lmax=gss_display_status(&lmin,gssctx->maj_stat,GSS_C_GSS_CODE,(gss_OID) GSS_MECH_KRB5,&ccc,&msg_maj); if (lmax != GSS_S_COMPLETE) return SSH_GSS_FAILURE; /* get first mesg from Kerberos */ ccc=0; - lmax=gss_display_status(&lmin,gssctx->min_stat,GSS_C_MECH_CODE,(gss_OID) putty_gss_mech_krb5,&ccc,&msg_min); + lmax=gss_display_status(&lmin,gssctx->min_stat,GSS_C_MECH_CODE,(gss_OID) GSS_MECH_KRB5,&ccc,&msg_min); if (lmax != GSS_S_COMPLETE) { gss_release_buffer(&lmin, &msg_maj); @@ -133,7 +131,7 @@ Ssh_gss_stat ssh_gss_display_status(Ssh_gss_ctx ctx, Ssh_gss_buf *buf) return SSH_GSS_OK; } -Ssh_gss_stat ssh_gss_free_tok(Ssh_gss_buf *send_tok) +Ssh_gss_stat ssh_gssapi_free_tok(Ssh_gss_buf *send_tok) { OM_uint32 min_stat,maj_stat; maj_stat = gss_release_buffer(&min_stat, send_tok); @@ -142,7 +140,7 @@ Ssh_gss_stat ssh_gss_free_tok(Ssh_gss_buf *send_tok) return SSH_GSS_FAILURE; } -Ssh_gss_stat ssh_gss_release_cred(Ssh_gss_ctx *ctx) +Ssh_gss_stat ssh_gssapi_release_cred(Ssh_gss_ctx *ctx) { gssapi_ssh_gss_ctx *gssctx = (gssapi_ssh_gss_ctx *) *ctx; OM_uint32 min_stat; @@ -158,7 +156,7 @@ Ssh_gss_stat ssh_gss_release_cred(Ssh_gss_ctx *ctx) } -Ssh_gss_stat ssh_gss_release_name(Ssh_gss_name *srv_name) +Ssh_gss_stat ssh_gssapi_release_name(Ssh_gss_name *srv_name) { OM_uint32 min_stat,maj_stat; maj_stat = gss_release_name(&min_stat, srv_name); @@ -167,15 +165,15 @@ Ssh_gss_stat ssh_gss_release_name(Ssh_gss_name *srv_name) return SSH_GSS_FAILURE; } -Ssh_gss_stat ssh_gss_get_mic(Ssh_gss_ctx ctx, Ssh_gss_buf *buf, - Ssh_gss_buf *hash) +Ssh_gss_stat ssh_gssapi_get_mic(Ssh_gss_ctx ctx, Ssh_gss_buf *buf, + Ssh_gss_buf *hash) { gssapi_ssh_gss_ctx *gssctx = (gssapi_ssh_gss_ctx *) ctx; if (gssctx == NULL) return SSH_GSS_FAILURE; return gss_get_mic(&(gssctx->min_stat), gssctx->ctx, 0, buf, hash); } -Ssh_gss_stat ssh_gss_free_mic(Ssh_gss_buf *hash) +Ssh_gss_stat ssh_gssapi_free_mic(Ssh_gss_buf *hash) { /* On Unix this is the same freeing process as ssh_gss_free_tok. */ return ssh_gss_free_tok(hash); @@ -186,9 +184,9 @@ Ssh_gss_stat ssh_gss_free_mic(Ssh_gss_buf *hash) /* Dummy function so this source file defines something if NO_GSSAPI is defined. */ -int ssh_gss_init(void) +int ssh_gssapi_init(void) { - return 1; + return 0; } #endif diff --git a/sshgssc.h b/sshgssc.h index 659d149..5065a7f 100644 --- a/sshgssc.h +++ b/sshgssc.h @@ -4,9 +4,46 @@ #ifndef NO_GSSAPI #include "pgssapi.h" +#include "sshgss.h" -typedef gss_buffer_desc Ssh_gss_buf; -typedef gss_name_t Ssh_gss_name; +typedef struct gssapi_ssh_gss_ctx { + OM_uint32 maj_stat; + OM_uint32 min_stat; + gss_ctx_id_t ctx; +} gssapi_ssh_gss_ctx; + +void ssh_gssapi_bind_fns(void); + +Ssh_gss_stat ssh_gssapi_indicate_mech(Ssh_gss_buf *mech); + +Ssh_gss_stat ssh_gssapi_import_name(char *host, + Ssh_gss_name *srv_name); + +Ssh_gss_stat ssh_gssapi_acquire_cred(Ssh_gss_ctx *ctx); + +Ssh_gss_stat ssh_gssapi_init_sec_context(Ssh_gss_ctx *ctx, + Ssh_gss_name srv_name, + int to_deleg, + Ssh_gss_buf *recv_tok, + Ssh_gss_buf *send_tok); + +Ssh_gss_stat ssh_gssapi_display_status(Ssh_gss_ctx ctx, Ssh_gss_buf *buf); + +Ssh_gss_stat ssh_gssapi_free_tok(Ssh_gss_buf *send_tok); + +Ssh_gss_stat ssh_gssapi_release_cred(Ssh_gss_ctx *ctx); + +Ssh_gss_stat ssh_gssapi_release_name(Ssh_gss_name *srv_name); + +Ssh_gss_stat ssh_gssapi_get_mic(Ssh_gss_ctx ctx, Ssh_gss_buf *buf, + Ssh_gss_buf *hash); + +Ssh_gss_stat ssh_gssapi_free_mic(Ssh_gss_buf *hash); + + +#else + +int ssh_gssapi_init(void); #endif /*NO_GSSAPI*/ diff --git a/unix/uxgss.c b/unix/uxgss.c index 57ef37c..d421287 100644 --- a/unix/uxgss.c +++ b/unix/uxgss.c @@ -1,6 +1,8 @@ #ifndef NO_GSSAPI #include "putty.h" #include "pgssapi.h" +#include "sshgss.h" +#include "sshgssc.h" /* Unix specific GSSAPI code */ @@ -25,6 +27,8 @@ int ssh_gss_init(void) BIND_GSS_FN(gsslib, gss_release_buffer); BIND_GSS_FN(gsslib, gss_release_cred); BIND_GSS_FN(gsslib, gss_release_name); + + ssh_gssapi_bind_fns(); return 1; } return 0; -- 1.6.6