I have implemented authentication gssapi-with-mic (Issue libssh2#707) as described by RFC4462, without gssapi KEX implementation. The implementation also handles partial success (new error LIBSSH2_ERROR_PARTIAL_SUCCESS, the same as pull request libssh2#1757) and USERAUTH_BANNER during message exchange. Errors in GSSAPI handling are returned as LIBSSH2_ERROR_GSSAPI_FAILURE.
I have a working example/ssh2 on both Linux and Windows (I only add call to libssh2_userauth_gssapi_with_mic() in ssh2.c)
Test have been made on Linux (with command kinit first) and Windows (logged in as domain user aduser01). The domain is SYSTEM.SE (uppercase is needed for Kerberos to work…) and the name of the SSH-server is sl.system.se. The linux client and the linux SSH-server is a member of the domain.
example/ssh2 sl.system.se aduser01@SYSTEM.SE "" -K date
and the date of the server is displayed.
The new functions are
int libssh2_userauth_gssapi_with_mic(LIBSSH2_SESSION *session,
                                                                      const char *username,
                                                                      const char *hostname)
int libssh2_userauth_gssapi_with_mic_ex(LIBSSH2_SESSION *session,
                                                                             const char *username,
                                                                             size_t username_len,
                                                                             const char *hostname,
                                                                             size_t hostname_len,
                                                                             int delegation_flag);
where hostname is the host (not IP) used in the connection. Delegation_flag is set to false (0) when libssh2_userauth_gssapi_with_mic() is called
Changes are made in the following files (all with “#ifdef LIBSSH2_GSSAPI” for the added code):
src/misc.[ch]:
added function void _libssh2_store_u8(unsigned char **buf, uint8_t value) and int _libssh2_store_bytes(unsigned char **buf, const unsigned char *mem, size_t len)
_libssh2_store_bytes() is needed due to the length in one message is u8 (and not u32)
src/userauth.c: Main implementation (approx. 1200 lines)
src/libssh2_priv.h: additional members of session structure and new MSG-definitions
include/libssh2.h: function definition and new error codes
examples/ssh2.c: code to use new function incl. handling of hostname instead of IP-address (attached)
docs/libssh2_userauth_gssapi_with_mic.md and /libssh2_userauth_gssapi_with_mic_ex.md; New man-pages
CMakeLists.txt: option -DLIBSSH2_GSSAPI_ENABLE=ON enables this function and additional libraries needed are added.