From 2362e6bf7f2a51efaf991f96752ed5f12044300e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 15 Nov 2013 15:59:26 -0500 Subject: gssapi: Add support for GSSAPIDelegateCredentials config option. Signed-off-by: Simo Sorce --- src/config.c | 10 +++++++++- src/gssapi.c | 3 +++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/config.c b/src/config.c index ac3bca1..850928d 100644 --- a/src/config.c +++ b/src/config.c @@ -48,7 +48,8 @@ enum ssh_config_opcode_e { SOC_KNOWNHOSTS, SOC_PROXYCOMMAND, SOC_GSSAPISERVERIDENTITY, - SOC_GSSAPICLIENTIDENTITY + SOC_GSSAPICLIENTIDENTITY, + SOC_GSSAPIDELEGATECREDENTIALS, }; struct ssh_config_keyword_table_s { @@ -71,6 +72,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = { { "proxycommand", SOC_PROXYCOMMAND }, { "gssapiserveridentity", SOC_GSSAPISERVERIDENTITY }, { "gssapiserveridentity", SOC_GSSAPICLIENTIDENTITY }, + { "gssapidelegatecredentials", SOC_GSSAPIDELEGATECREDENTIALS }, { NULL, SOC_UNSUPPORTED } }; @@ -339,6 +341,12 @@ static int ssh_config_parse_line(ssh_session session, const char *line, ssh_options_set(session, SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, p); } break; + case SOC_GSSAPIDELEGATECREDENTIALS: + i = ssh_config_get_yesno(&s, -1); + if (i >=0 && *parsing) { + ssh_options_set(session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, &i); + } + break; case SOC_UNSUPPORTED: SSH_LOG(SSH_LOG_RARE, "Unsupported option: %s, line: %d\n", keyword, count); diff --git a/src/gssapi.c b/src/gssapi.c index 88815a4..e2bcce3 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -805,6 +805,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){ } session->gssapi->client.flags = GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG; + if (session->opts.gss_delegate_creds) { + session->gssapi->client.flags |= GSS_C_DELEG_FLAG; + } /* prepare the first TOKEN response */ maj_stat = gss_init_sec_context(&min_stat, -- cgit