version 1.49, 2003/08/28 12:54:34 |
version 1.49.2.1, 2004/02/28 03:51:33 |
|
|
int mm_answer_gss_setup_ctx(int, Buffer *); |
int mm_answer_gss_setup_ctx(int, Buffer *); |
int mm_answer_gss_accept_ctx(int, Buffer *); |
int mm_answer_gss_accept_ctx(int, Buffer *); |
int mm_answer_gss_userok(int, Buffer *); |
int mm_answer_gss_userok(int, Buffer *); |
|
int mm_answer_gss_checkmic(int, Buffer *); |
#endif |
#endif |
|
|
static Authctxt *authctxt; |
static Authctxt *authctxt; |
|
|
{MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, |
{MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, |
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, |
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, |
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, |
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, |
|
{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, |
#endif |
#endif |
{0, 0, NULL} |
{0, 0, NULL} |
}; |
}; |
|
|
} |
} |
} |
} |
|
|
Authctxt * |
void |
monitor_child_preauth(struct monitor *pmonitor) |
monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) |
{ |
{ |
struct mon_table *ent; |
struct mon_table *ent; |
int authenticated = 0; |
int authenticated = 0; |
|
|
debug3("preauth child monitor started"); |
debug3("preauth child monitor started"); |
|
|
|
authctxt = _authctxt; |
|
memset(authctxt, 0, sizeof(*authctxt)); |
|
|
if (compat20) { |
if (compat20) { |
mon_dispatch = mon_dispatch_proto20; |
mon_dispatch = mon_dispatch_proto20; |
|
|
|
|
monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); |
monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); |
} |
} |
|
|
authctxt = authctxt_new(); |
|
|
|
/* The first few requests do not require asynchronous access */ |
/* The first few requests do not require asynchronous access */ |
while (!authenticated) { |
while (!authenticated) { |
authenticated = monitor_read(pmonitor, mon_dispatch, &ent); |
authenticated = monitor_read(pmonitor, mon_dispatch, &ent); |
|
|
__func__, authctxt->user); |
__func__, authctxt->user); |
|
|
mm_get_keystate(pmonitor); |
mm_get_keystate(pmonitor); |
|
|
return (authctxt); |
|
} |
} |
|
|
static void |
static void |
|
|
|
|
if (pwent == NULL) { |
if (pwent == NULL) { |
buffer_put_char(m, 0); |
buffer_put_char(m, 0); |
|
authctxt->pw = fakepw(); |
goto out; |
goto out; |
} |
} |
|
|
|
|
|
|
debug3("%s: key_from_blob: %p", __func__, key); |
debug3("%s: key_from_blob: %p", __func__, key); |
|
|
if (key != NULL && authctxt->pw != NULL) { |
if (key != NULL && authctxt->valid) { |
switch(type) { |
switch(type) { |
case MM_USERKEY: |
case MM_USERKEY: |
allowed = options.pubkey_authentication && |
allowed = options.pubkey_authentication && |
|
|
if (getpeername(packet_get_connection_in(), |
if (getpeername(packet_get_connection_in(), |
(struct sockaddr *) & from, &fromlen) < 0) { |
(struct sockaddr *) & from, &fromlen) < 0) { |
debug("getpeername: %.100s", strerror(errno)); |
debug("getpeername: %.100s", strerror(errno)); |
fatal_cleanup(); |
cleanup_exit(255); |
} |
} |
} |
} |
/* Record that there was a login on that tty from the remote host. */ |
/* Record that there was a login on that tty from the remote host. */ |
|
|
debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); |
debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); |
if (s->ttyfd != -1) { |
if (s->ttyfd != -1) { |
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); |
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); |
fatal_remove_cleanup(session_pty_cleanup2, (void *)s); |
|
session_pty_cleanup2(s); |
session_pty_cleanup2(s); |
} |
} |
s->used = 0; |
s->used = 0; |
|
|
res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
if (res == 0) |
if (res == 0) |
goto error; |
goto error; |
fatal_add_cleanup(session_pty_cleanup2, (void *)s); |
|
pty_setowner(authctxt->pw, s->tty); |
pty_setowner(authctxt->pw, s->tty); |
|
|
buffer_put_int(m, 1); |
buffer_put_int(m, 1); |
|
|
|
|
mon = xmalloc(sizeof(*mon)); |
mon = xmalloc(sizeof(*mon)); |
|
|
|
mon->m_pid = 0; |
monitor_socketpair(pair); |
monitor_socketpair(pair); |
|
|
mon->m_recvfd = pair[0]; |
mon->m_recvfd = pair[0]; |
|
|
|
|
gss_release_buffer(&minor, &out); |
gss_release_buffer(&minor, &out); |
|
|
/* Complete - now we can do signing */ |
|
if (major==GSS_S_COMPLETE) { |
if (major==GSS_S_COMPLETE) { |
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
|
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); |
} |
} |
return (0); |
return (0); |
} |
} |
|
|
int |
int |
|
mm_answer_gss_checkmic(int socket, Buffer *m) |
|
{ |
|
gss_buffer_desc gssbuf, mic; |
|
OM_uint32 ret; |
|
u_int len; |
|
|
|
gssbuf.value = buffer_get_string(m, &len); |
|
gssbuf.length = len; |
|
mic.value = buffer_get_string(m, &len); |
|
mic.length = len; |
|
|
|
ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); |
|
|
|
xfree(gssbuf.value); |
|
xfree(mic.value); |
|
|
|
buffer_clear(m); |
|
buffer_put_int(m, ret); |
|
|
|
mm_request_send(socket, MONITOR_ANS_GSSCHECKMIC, m); |
|
|
|
if (!GSS_ERROR(ret)) |
|
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
|
|
|
return (0); |
|
} |
|
|
|
int |
mm_answer_gss_userok(int socket, Buffer *m) |
mm_answer_gss_userok(int socket, Buffer *m) |
{ |
{ |
int authenticated; |
int authenticated; |
|
|
debug3("%s: sending result %d", __func__, authenticated); |
debug3("%s: sending result %d", __func__, authenticated); |
mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m); |
mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m); |
|
|
auth_method="gssapi"; |
auth_method="gssapi-with-mic"; |
|
|
/* Monitor loop will terminate if authenticated */ |
/* Monitor loop will terminate if authenticated */ |
return (authenticated); |
return (authenticated); |