package gss
import (
"errors"
"github.com/apcera/gssapi"
)
// NewSSHGSSAPIServerSide loads the GSSAPI library and returns a server-side
// helper bound to it. The returned value has no security context yet; one is
// stored by the first call to AcceptSecContext.
//
// gssapi.Load is called with nil options, so which shared library gets
// loaded is decided by the gssapi package (presumably its platform default;
// confirm against the library documentation). Any load error is returned
// unchanged.
func NewSSHGSSAPIServerSide() (*sshGSSApiServerSide, error) {
	loaded, loadErr := gssapi.Load(nil)
	if loadErr != nil {
		return nil, loadErr
	}

	srv := new(sshGSSApiServerSide)
	srv.lib = loaded
	return srv, nil
}
// sshGSSApiServerSide holds the state for the acceptor (server) side of a
// GSSAPI exchange: the loaded library and the single security context
// currently being negotiated or used.
//
// NOTE(review): the struct carries one context and no lock, so one instance
// should serve one authentication exchange at a time. Sharing an instance
// across concurrent connections would let them overwrite each other's ctx.
type sshGSSApiServerSide struct {
	// lib is the GSSAPI library handle set by NewSSHGSSAPIServerSide.
	lib *gssapi.Lib

	// ctx is the security context stored by AcceptSecContext and released by
	// DeleteSecContext. It is nil until AcceptSecContext has been called.
	ctx *gssapi.CtxId
}
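// AcceptSecContext feeds one client token to the GSSAPI acceptor.
//
// It returns the output token to send back to the client, the authenticated
// source (client) name, whether another round trip is required, and an
// error. The source name is only returned once the context is fully
// established; while a continuation is pending it is the empty string and
// the third result is true.
//
// When an earlier call left a context in s.ctx (continuation pending), that
// context is passed back to the library so multi-round mechanisms continue
// the same exchange instead of starting a new one on every token. Call
// DeleteSecContext before reusing the receiver for a new exchange.
//
// On a hard failure the partially built context is released and s.ctx is
// cleared, so a later VerifyMIC fails closed instead of running against a
// context that was never established.
func (s *sshGSSApiServerSide) AcceptSecContext(token []byte) ([]byte, string, bool, error) {
	inputToken, err := s.lib.MakeBufferBytes(token)
	if err != nil {
		return nil, "", false, err
	}
	// Deferred only after the error check, so Release is never scheduled on
	// a buffer that failed to build.
	defer inputToken.Release()

	// Resume the pending context if there is one; otherwise start fresh.
	ctxIn := s.ctx
	if ctxIn == nil {
		ctxIn = s.lib.GSS_C_NO_CONTEXT
	}

	// GSS_C_NO_CREDENTIAL lets the library pick the acceptor credential and
	// GSS_C_NO_CHANNEL_BINDINGS means no channel bindings are checked.
	//
	// NOTE(review): the mechanism OID, return flags, lifetime and delegated
	// credential handle are all discarded. The caller therefore cannot check
	// which mechanism or which protection flags (e.g. integrity) were
	// negotiated, and a delegated credential, if one is returned, is never
	// released here. Confirm whether that is acceptable for this deployment.
	ctx, srcName, _, outToken, _, _, _, err := s.lib.AcceptSecContext(ctxIn, s.lib.GSS_C_NO_CREDENTIAL, inputToken, s.lib.GSS_C_NO_CHANNEL_BINDINGS)
	defer outToken.Release()
	defer srcName.Release()

	switch {
	case err == nil:
		s.ctx = ctx
		return outToken.Bytes(), srcName.String(), false, nil
	case errors.Is(err, gssapi.ErrContinueNeeded):
		// Keep the in-progress context for the next round.
		s.ctx = ctx
		return outToken.Bytes(), "", true, nil
	default:
		// Negotiation failed: drop the context so nothing downstream can
		// mistake it for an established one. A release error is not
		// reported because the negotiation error is already being returned.
		if ctx != nil {
			ctx.Release()
		}
		s.ctx = nil
		return outToken.Bytes(), "", false, err
	}
}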
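// VerifyMIC checks micToken as the message integrity code for micField using
// the security context stored by AcceptSecContext. It returns nil only when
// the library accepts the MIC.
//
// A nil s.ctx is rejected up front. A non-nil s.ctx is not by itself proof
// that negotiation finished (AcceptSecContext also stores the context while
// a continuation is pending); in that case the library call is relied on to
// reject the request.
func (s *sshGSSApiServerSide) VerifyMIC(micField []byte, micToken []byte) error {
	if s.ctx == nil {
		return errors.New("ctx is nil, acceptSecContext before VerifyMIC")
	}

	// Buffer construction errors are returned rather than ignored, so a
	// failed allocation cannot turn into verification over a missing buffer.
	messageBuffer, err := s.lib.MakeBufferBytes(micField)
	if err != nil {
		return err
	}
	defer messageBuffer.Release()

	tokenBuffer, err := s.lib.MakeBufferBytes(micToken)
	if err != nil {
		return err
	}
	defer tokenBuffer.Release()

	// The first result of the library call is discarded; only the
	// pass/fail outcome is reported to the caller.
	_, err = s.ctx.VerifyMIC(messageBuffer, tokenBuffer)
	return err
}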
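// DeleteSecContext releases the stored security context, if any, and clears
// the reference to it.
//
// Clearing s.ctx makes the call safe to repeat and makes a later VerifyMIC
// fail with its "ctx is nil" error instead of operating on a context that
// has already been released. The error from the release is returned to the
// caller.
func (s *sshGSSApiServerSide) DeleteSecContext() error {
	if s.ctx == nil {
		return nil
	}

	err := s.ctx.Release()
	// Drop the reference even when the release reports an error, so the
	// released handle is never used or released a second time.
	s.ctx = nil
	return err
}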