src/usr.bin/ssh/monitor.c - diff

Return to monitor.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/monitor.c between version 1.11.2.3 and 1.11.2.4

version 1.11.2.3, 2002/06/26 18:22:35

version 1.11.2.4, 2002/10/11 14:53:06

Line 116

int mm_answer_sesskey(int, Buffer *);

int mm_answer_sessid(int, Buffer *);

#ifdef KRB4

int mm_answer_krb4(int, Buffer *);

#endif

#ifdef KRB5

int mm_answer_krb5(int, Buffer *);

#endif

static Authctxt *authctxt;

static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */

Line 123

Line 130

static u_char *key_blob = NULL;

static u_int key_bloblen = 0;

static int key_blobtype = MM_NOKEY;

static u_char *hostbased_cuser = NULL;

static char *hostbased_cuser = NULL;

static u_char *hostbased_chost = NULL;

static char *hostbased_chost = NULL;

static char *auth_method = "unknown";

static int session_id2_len = 0;

static u_char *session_id2 = NULL;

Line 189

Line 196

{MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},

{MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},

#endif

#ifdef KRB4

{MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4},

#endif

#ifdef KRB5

{MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5},

#endif

{0, 0, NULL}

};

Line 441

Line 454

p = buffer_get_string(m, &datlen);

if (datlen != 20)

fatal("%s: data length incorrect: %d", __func__, datlen);

fatal("%s: data length incorrect: %u", __func__, datlen);

/* save session id, it will be passed on the first call */

if (session_id2_len == 0) {

Line 455

Line 468

if (key_sign(key, &signature, &siglen, p, datlen) < 0)

fatal("%s: key_sign failed", __func__);

debug3("%s: signature %p(%d)", __func__, signature, siglen);

debug3("%s: signature %p(%u)", __func__, signature, siglen);

buffer_clear(m);

buffer_put_string(m, signature, siglen);

Line 540

Line 553

mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m);

if (banner != NULL)

free(banner);

xfree(banner);

return (0);

}

Line 568

Line 581

{

static int call_count;

char *passwd;

int authenticated, plen;

int authenticated;

u_int plen;

passwd = buffer_get_string(m, &plen);

/* Only authenticate if the context is valid */

Line 715

Line 729

mm_answer_keyallowed(int socket, Buffer *m)

{

Key *key;

u_char *cuser, *chost, *blob;

char *cuser, *chost;

u_char *blob;

u_int bloblen;

enum mm_keytype type = 0;

int allowed = 0;

Line 791

Line 806

monitor_valid_userblob(u_char *data, u_int datalen)

{

Buffer b;

u_char *p;

char *p;

u_int len;

int fail = 0;

Line 844

Line 859

}

static int

monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser,

monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,

u_char *chost)

char *chost)

{

Buffer b;

u_char *p;

char *p;

u_int len;

int fail = 0;

Line 966

Line 981

* the address be 0.0.0.0.

memset(&from, 0, sizeof(from));

fromlen = sizeof(from);

if (packet_connection_is_on_socket()) {

fromlen = sizeof(from);

if (getpeername(packet_get_connection_in(),

(struct sockaddr *) & from, &fromlen) < 0) {

debug("getpeername: %.100s", strerror(errno));

Line 977

Line 992

/* Record that there was a login on that tty from the remote host. */

record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,

get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),

(struct sockaddr *)&from);

(struct sockaddr *)&from, fromlen);

}

static void

Line 1241

Line 1256

return (success);

}

#ifdef KRB4

int

mm_answer_krb4(int socket, Buffer *m)

{

KTEXT_ST auth, reply;

char *client, *p;

int success;

u_int alen;

reply.length = auth.length = 0;

p = buffer_get_string(m, &alen);

if (alen >= MAX_KTXT_LEN)

fatal("%s: auth too large", __func__);

memcpy(auth.dat, p, alen);

auth.length = alen;

memset(p, 0, alen);

xfree(p);

success = options.kerberos_authentication &&

authctxt->valid &&

auth_krb4(authctxt, &auth, &client, &reply);

memset(auth.dat, 0, alen);

buffer_clear(m);

buffer_put_int(m, success);

if (success) {

buffer_put_cstring(m, client);

buffer_put_string(m, reply.dat, reply.length);

if (client)

xfree(client);

if (reply.length)

memset(reply.dat, 0, reply.length);

}

debug3("%s: sending result %d", __func__, success);

mm_request_send(socket, MONITOR_ANS_KRB4, m);

auth_method = "kerberos";

/* Causes monitor loop to terminate if authenticated */

return (success);

}

#endif

#ifdef KRB5

int

mm_answer_krb5(int socket, Buffer *m)

{

krb5_data tkt, reply;

char *client_user;

u_int len;

int success;

/* use temporary var to avoid size issues on 64bit arch */

tkt.data = buffer_get_string(m, &len);

tkt.length = len;

success = options.kerberos_authentication &&

authctxt->valid &&

auth_krb5(authctxt, &tkt, &client_user, &reply);

if (tkt.length)

xfree(tkt.data);

buffer_clear(m);

buffer_put_int(m, success);

if (success) {

buffer_put_cstring(m, client_user);

buffer_put_string(m, reply.data, reply.length);

if (client_user)

xfree(client_user);

if (reply.length)

xfree(reply.data);

}

mm_request_send(socket, MONITOR_ANS_KRB5, m);

return success;

}

#endif

int

mm_answer_term(int socket, Buffer *req)

{

extern struct monitor *pmonitor;

Line 1418

Line 1516

void *

mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)

{

int len = size * ncount;

size_t len = size * ncount;

void *address;

if (len <= 0)

if (len == 0 || ncount > SIZE_T_MAX / size)

fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);

address = mm_malloc(mm, len);