diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2013-07-14 12:29:45 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2013-07-14 12:44:26 +0200 |
commit | ebdd0c6ac195971178db8d5515c77d737d01b5fe (patch) | |
tree | fed7e82607a6284e0b52bb612317a23d414736a1 /src/gssapi.c | |
parent | dcd94de076eb8d68885eda4210a69e3716cb95b5 (diff) | |
download | libssh-ebdd0c6ac195971178db8d5515c77d737d01b5fe.tar.gz libssh-ebdd0c6ac195971178db8d5515c77d737d01b5fe.tar.xz libssh-ebdd0c6ac195971178db8d5515c77d737d01b5fe.zip |
src: Migrate to SSH_LOG.
Diffstat (limited to 'src/gssapi.c')
-rw-r--r-- | src/gssapi.c | 88 |
1 files changed, 44 insertions, 44 deletions
diff --git a/src/gssapi.c b/src/gssapi.c index 163febe..23a9c1a 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -116,18 +116,18 @@ static int ssh_gssapi_send_response(ssh_session session, ssh_string oid){ } packet_send(session); - ssh_log(session, SSH_LOG_PACKET, + SSH_LOG(SSH_LOG_PACKET, "Sent SSH_MSG_USERAUTH_GSSAPI_RESPONSE"); return SSH_OK; } #endif /* WITH_SERVER */ -static void ssh_gssapi_log_error(ssh_session session, int verb, const char *msg, int maj_stat){ +static void ssh_gssapi_log_error(int verb, const char *msg, int maj_stat){ gss_buffer_desc buffer; OM_uint32 dummy, message_context; gss_display_status(&dummy,maj_stat,GSS_C_GSS_CODE, GSS_C_NO_OID, &message_context, &buffer); - ssh_log(session, verb, "GSSAPI(%s): %s", msg, (const char *)buffer.value); + SSH_LOG(verb, "GSSAPI(%s): %s", msg, (const char *)buffer.value); } #ifdef WITH_SERVER @@ -178,7 +178,7 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n unsigned char *oid_s = (unsigned char *) ssh_string_data(oids[i]); size_t len = ssh_string_len(oids[i]); if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){ - ssh_log(session,SSH_LOG_WARNING,"GSSAPI: received invalid OID"); + SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID"); continue; } oid.elements = &oid_s[2]; @@ -191,7 +191,7 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n } gss_release_oid_set(&min_stat, &supported); if (oid_count == 0){ - ssh_log(session,SSH_LOG_PROTOCOL,"GSSAPI: no OID match"); + SSH_LOG(SSH_LOG_PROTOCOL,"GSSAPI: no OID match"); ssh_auth_reply_default(session, 0); gss_release_oid_set(&min_stat, &both_supported); return SSH_OK; @@ -205,8 +205,8 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n maj_stat = gss_import_name(&min_stat, &name_buf, (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &server_name); if (maj_stat != GSS_S_COMPLETE) { - ssh_log(session, 0, "importing name %d, %d", maj_stat, min_stat); - ssh_gssapi_log_error(session, 0, "importing name", maj_stat); + SSH_LOG(0, "importing name %d, %d", maj_stat, min_stat); + ssh_gssapi_log_error(0, "importing name", maj_stat); return -1; } @@ -217,27 +217,27 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n gss_release_oid_set(&min_stat, &both_supported); if (maj_stat != GSS_S_COMPLETE) { - ssh_log(session, 0, "error acquiring credentials %d, %d", maj_stat, min_stat); - ssh_gssapi_log_error(session, 0, "acquiring creds", maj_stat); + SSH_LOG(0, "error acquiring credentials %d, %d", maj_stat, min_stat); + ssh_gssapi_log_error(0, "acquiring creds", maj_stat); ssh_auth_reply_default(session,0); return SSH_ERROR; } - ssh_log(session, 0, "acquiring credentials %d, %d", maj_stat, min_stat); + SSH_LOG(0, "acquiring credentials %d, %d", maj_stat, min_stat); /* finding which OID from client we selected */ for (i=0 ; i< n_oid ; ++i){ unsigned char *oid_s = (unsigned char *) ssh_string_data(oids[i]); size_t len = ssh_string_len(oids[i]); if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){ - ssh_log(session,SSH_LOG_WARNING,"GSSAPI: received invalid OID"); + SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID"); continue; } oid.elements = &oid_s[2]; oid.length = len - 2; gss_test_oid_set_member(&min_stat,&oid,selected,&present); if(present){ - ssh_log(session, SSH_LOG_PACKET, "Selected oid %d", i); + SSH_LOG(SSH_LOG_PACKET, "Selected oid %d", i); break; } } @@ -257,12 +257,12 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n #endif /* WITH_SERVER */ -static char * ssh_gssapi_name_to_char(ssh_session session, gss_name_t name){ +static char * ssh_gssapi_name_to_char(gss_name_t name){ gss_buffer_desc buffer; OM_uint32 maj_stat, min_stat; char *ptr; maj_stat = gss_display_name(&min_stat, name, &buffer, NULL); - ssh_gssapi_log_error(session, 0, "converting name", maj_stat); + ssh_gssapi_log_error(0, "converting name", maj_stat); ptr=malloc(buffer.length + 1); memcpy(ptr, buffer.value, buffer.length); ptr[buffer.length] = '\0'; @@ -285,7 +285,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){ (void)user; (void)type; - ssh_log(session, SSH_LOG_PACKET,"Received SSH_MSG_USERAUTH_GSSAPI_TOKEN"); + SSH_LOG(SSH_LOG_PACKET,"Received SSH_MSG_USERAUTH_GSSAPI_TOKEN"); if (!session->gssapi || session->gssapi->state != SSH_GSSAPI_STATE_RCV_TOKEN){ ssh_set_error(session, SSH_FATAL, "Received SSH_MSG_USERAUTH_GSSAPI_TOKEN in invalid state"); return SSH_PACKET_USED; @@ -318,7 +318,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){ return SSH_PACKET_USED; } hexa = ssh_get_hexa(ssh_string_data(token),ssh_string_len(token)); - ssh_log(session, SSH_LOG_PACKET, "GSSAPI Token : %s",hexa); + SSH_LOG(SSH_LOG_PACKET, "GSSAPI Token : %s",hexa); SAFE_FREE(hexa); input_token.length = ssh_string_len(token); input_token.value = ssh_string_data(token); @@ -326,14 +326,14 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){ maj_stat = gss_accept_sec_context(&min_stat, &session->gssapi->ctx, session->gssapi->server_creds, &input_token, input_bindings, &client_name, NULL /*mech_oid*/, &output_token, &ret_flags, NULL /*time*/, &session->gssapi->client_creds); - ssh_gssapi_log_error(session, 0, "accepting token", maj_stat); + ssh_gssapi_log_error(0, "accepting token", maj_stat); ssh_string_free(token); if (client_name != GSS_C_NO_NAME){ session->gssapi->client_name = client_name; - session->gssapi->canonic_user = ssh_gssapi_name_to_char(session, client_name); + session->gssapi->canonic_user = ssh_gssapi_name_to_char(client_name); } if (GSS_ERROR(maj_stat)){ - ssh_gssapi_log_error(session, SSH_LOG_PROTOCOL, "Gssapi error", maj_stat); + ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "Gssapi error", maj_stat); ssh_auth_reply_default(session,0); ssh_gssapi_free(session); session->gssapi=NULL; @@ -342,7 +342,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){ if (output_token.length != 0){ hexa = ssh_get_hexa(output_token.value, output_token.length); - ssh_log(session, SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa); + SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa); SAFE_FREE(hexa); token = ssh_string_new(output_token.length); ssh_string_fill(token, output_token.value, output_token.length); @@ -399,7 +399,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic){ (void)user; (void)type; - ssh_log(session, SSH_LOG_PACKET,"Received SSH_MSG_USERAUTH_GSSAPI_MIC"); + SSH_LOG(SSH_LOG_PACKET,"Received SSH_MSG_USERAUTH_GSSAPI_MIC"); mic_token = buffer_get_ssh_string(packet); if (!mic_token){ ssh_set_error(session, SSH_FATAL, "Missing MIC in packet"); @@ -428,8 +428,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic){ mic_token_buf.value = ssh_string_data(mic_token); maj_stat = gss_verify_mic(&min_stat, session->gssapi->ctx, &mic_buf, &mic_token_buf, NULL); - ssh_gssapi_log_error(session, 0, "verifying MIC", maj_stat); - ssh_gssapi_log_error(session, 0, "verifying MIC (min stat)", min_stat); + ssh_gssapi_log_error(0, "verifying MIC", maj_stat); + ssh_gssapi_log_error(0, "verifying MIC (min stat)", min_stat); if (maj_stat == GSS_S_DEFECTIVE_TOKEN || GSS_ERROR(maj_stat)) goto error; } @@ -571,7 +571,7 @@ static int ssh_gssapi_match(ssh_session session, char *hostname, char *username, maj_stat = gss_indicate_mechs(&min_stat, &supported); for (i=0; i < supported->count; ++i){ ptr=ssh_get_hexa(supported->elements[i].elements, supported->elements[i].length); - ssh_log(session, SSH_LOG_DEBUG, "GSSAPI oid supported %d : %s\n",i, ptr); + SSH_LOG(SSH_LOG_DEBUG, "GSSAPI oid supported %d : %s\n",i, ptr); SAFE_FREE(ptr); } @@ -580,8 +580,8 @@ static int ssh_gssapi_match(ssh_session session, char *hostname, char *username, maj_stat = gss_import_name(&min_stat, &user_namebuf, (gss_OID) GSS_C_NT_USER_NAME, &user_name); if (maj_stat != GSS_S_COMPLETE) { - ssh_log(session, SSH_LOG_DEBUG, "importing name %d, %d", maj_stat, min_stat); - ssh_gssapi_log_error(session, SSH_LOG_DEBUG, "importing name", maj_stat); + SSH_LOG(SSH_LOG_DEBUG, "importing name %d, %d", maj_stat, min_stat); + ssh_gssapi_log_error(SSH_LOG_DEBUG, "importing name", maj_stat); return -1; } @@ -591,8 +591,8 @@ static int ssh_gssapi_match(ssh_session session, char *hostname, char *username, maj_stat = gss_import_name(&min_stat, &host_namebuf, (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &host_name); if (maj_stat != GSS_S_COMPLETE) { - ssh_log(session, 0, "importing name %d, %d", maj_stat, min_stat); - ssh_gssapi_log_error(session, 0, "importing name", maj_stat); + SSH_LOG(0, "importing name %d, %d", maj_stat, min_stat); + ssh_gssapi_log_error(0, "importing name", maj_stat); return -1; } @@ -611,7 +611,7 @@ static int ssh_gssapi_match(ssh_session session, char *hostname, char *username, if (session->gssapi->client.client_deleg_creds != GSS_C_NO_CREDENTIAL){ /* we know the oid is ok since init_sec_context worked */ gss_add_oid_set_member(&min_stat, oid, valid_oids); - ssh_log(session, SSH_LOG_PROTOCOL, "Matched oid %u for server (with forwarding)", i); + SSH_LOG(SSH_LOG_PROTOCOL, "Matched oid %u for server (with forwarding)", i); } else { gss_create_empty_oid_set(&min_stat, &tmp); gss_add_oid_set_member(&min_stat, oid, &tmp); @@ -622,7 +622,7 @@ static int ssh_gssapi_match(ssh_session session, char *hostname, char *username, if (!GSS_ERROR(maj_stat)){ gss_release_cred(&min_stat, &client_creds); gss_add_oid_set_member(&min_stat,oid,valid_oids); - ssh_log(session, SSH_LOG_PROTOCOL, "Matched oid %u for server", i); + SSH_LOG(SSH_LOG_PROTOCOL, "Matched oid %u for server", i); } } } @@ -651,14 +651,14 @@ int ssh_gssapi_auth_mic(ssh_session session){ return SSH_AUTH_ERROR; - ssh_log(session,SSH_LOG_PROTOCOL, "Authenticating with gssapi to host %s with user %s", + SSH_LOG(SSH_LOG_PROTOCOL, "Authenticating with gssapi to host %s with user %s", session->opts.host, session->opts.username); rc = ssh_gssapi_match(session,session->opts.host, session->opts.username, &selected, 0); if (rc == SSH_ERROR) return SSH_AUTH_DENIED; n_oids = selected->count; - ssh_log(session, SSH_LOG_PROTOCOL, "Sending %d oids", n_oids); + SSH_LOG(SSH_LOG_PROTOCOL, "Sending %d oids", n_oids); oids = calloc(n_oids, sizeof(ssh_string)); @@ -709,7 +709,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){ (void)type; (void)user; - ssh_log(session, SSH_LOG_PACKET, "Received SSH_USERAUTH_GSSAPI_RESPONSE"); + SSH_LOG(SSH_LOG_PACKET, "Received SSH_USERAUTH_GSSAPI_RESPONSE"); if (session->auth_state != SSH_AUTH_STATE_GSSAPI_REQUEST_SENT){ ssh_set_error(session, SSH_FATAL, "Invalid state in ssh_packet_userauth_gssapi_response"); return SSH_PACKET_USED; @@ -735,7 +735,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){ &session->gssapi->client_creds, NULL, NULL); gss_release_oid_set(&min_stat, &tmp); if (GSS_ERROR(maj_stat)){ - ssh_gssapi_log_error(session,SSH_LOG_WARNING,"Error acquiring credentials",maj_stat); + ssh_gssapi_log_error(SSH_LOG_WARNING,"Error acquiring credentials",maj_stat); return SSH_PACKET_USED; } } @@ -745,12 +745,12 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){ GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | (deleg ? GSS_C_DELEG_FLAG : 0), 0, NULL, &input_token, NULL, &output_token, NULL, NULL); if(GSS_ERROR(maj_stat)){ - ssh_gssapi_log_error(session, SSH_LOG_WARNING, "Initializing gssapi context", maj_stat); + ssh_gssapi_log_error(SSH_LOG_WARNING, "Initializing gssapi context", maj_stat); return SSH_PACKET_USED; } if (output_token.length != 0){ hexa = ssh_get_hexa(output_token.value, output_token.length); - ssh_log(session, SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa); + SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa); SAFE_FREE(hexa); token = ssh_string_new(output_token.length); ssh_string_fill(token, output_token.value, output_token.length); @@ -770,7 +770,7 @@ static int ssh_gssapi_send_mic(ssh_session session){ gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER; ssh_buffer mic_buffer; - ssh_log(session, SSH_LOG_PACKET,"Sending SSH_MSG_USERAUTH_GSSAPI_MIC"); + SSH_LOG(SSH_LOG_PACKET,"Sending SSH_MSG_USERAUTH_GSSAPI_MIC"); mic_buffer = ssh_gssapi_build_mic(session); if(!mic_buffer){ @@ -782,7 +782,7 @@ static int ssh_gssapi_send_mic(ssh_session session){ maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT, &mic_buf, &mic_token_buf); if (GSS_ERROR(maj_stat)){ - ssh_gssapi_log_error(session, 0, "generating MIC", maj_stat); + ssh_gssapi_log_error(0, "generating MIC", maj_stat); return SSH_ERROR; } @@ -803,7 +803,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){ (void)user; (void)type; - ssh_log(session, SSH_LOG_PACKET,"Received SSH_MSG_USERAUTH_GSSAPI_TOKEN"); + SSH_LOG(SSH_LOG_PACKET,"Received SSH_MSG_USERAUTH_GSSAPI_TOKEN"); if (!session->gssapi || session->auth_state != SSH_AUTH_STATE_GSSAPI_TOKEN){ ssh_set_error(session, SSH_FATAL, "Received SSH_MSG_USERAUTH_GSSAPI_TOKEN in invalid state"); return SSH_PACKET_USED; @@ -815,7 +815,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){ return SSH_PACKET_USED; } hexa = ssh_get_hexa(ssh_string_data(token),ssh_string_len(token)); - ssh_log(session, SSH_LOG_PACKET, "GSSAPI Token : %s",hexa); + SSH_LOG(SSH_LOG_PACKET, "GSSAPI Token : %s",hexa); SAFE_FREE(hexa); input_token.length = ssh_string_len(token); input_token.value = ssh_string_data(token); @@ -828,14 +828,14 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){ GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | (deleg ? GSS_C_DELEG_FLAG : 0), 0, NULL, &input_token, NULL, &output_token, NULL, NULL); - ssh_gssapi_log_error(session, 0, "accepting token", maj_stat); + ssh_gssapi_log_error(0, "accepting token", maj_stat); ssh_string_free(token); if (client_name != GSS_C_NO_NAME){ session->gssapi->client_name = client_name; - session->gssapi->canonic_user = ssh_gssapi_name_to_char(session, client_name); + session->gssapi->canonic_user = ssh_gssapi_name_to_char(client_name); } if (GSS_ERROR(maj_stat)){ - ssh_gssapi_log_error(session, SSH_LOG_PROTOCOL, "Gssapi error", maj_stat); + ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "Gssapi error", maj_stat); ssh_gssapi_free(session); session->gssapi=NULL; return SSH_PACKET_USED; @@ -843,7 +843,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){ if (output_token.length != 0){ hexa = ssh_get_hexa(output_token.value, output_token.length); - ssh_log(session, SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa); + SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa); SAFE_FREE(hexa); token = ssh_string_new(output_token.length); ssh_string_fill(token, output_token.value, output_token.length); |