| version 1.19, 2002/09/26 11:38:43 |
version 1.19.2.2, 2003/09/16 21:20:26 |
|
|
| #include "dh.h" |
#include "dh.h" |
| #include "kex.h" |
#include "kex.h" |
| #include "auth.h" |
#include "auth.h" |
| |
#include "auth-options.h" |
| #include "buffer.h" |
#include "buffer.h" |
| #include "bufaux.h" |
#include "bufaux.h" |
| #include "packet.h" |
#include "packet.h" |
|
|
| #include "channels.h" |
#include "channels.h" |
| #include "session.h" |
#include "session.h" |
| |
|
| |
#ifdef GSSAPI |
| |
#include "ssh-gss.h" |
| |
#endif |
| |
|
| /* Imports */ |
/* Imports */ |
| extern int compat20; |
extern int compat20; |
| extern Newkeys *newkeys[]; |
extern Newkeys *newkeys[]; |
|
|
| |
|
| PUT_32BIT(buf, mlen + 1); |
PUT_32BIT(buf, mlen + 1); |
| buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ |
buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ |
| if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf)) |
if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf)) |
| fatal("%s: write", __func__); |
fatal("%s: write", __func__); |
| if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen) |
if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen) |
| fatal("%s: write", __func__); |
fatal("%s: write", __func__); |
| } |
} |
| |
|
|
|
| Buffer m; |
Buffer m; |
| u_char *blob; |
u_char *blob; |
| u_int len; |
u_int len; |
| int allowed = 0; |
int allowed = 0, have_forced = 0; |
| |
|
| debug3("%s entering", __func__); |
debug3("%s entering", __func__); |
| |
|
|
|
| |
|
| allowed = buffer_get_int(&m); |
allowed = buffer_get_int(&m); |
| |
|
| |
/* fake forced command */ |
| |
auth_clear_options(); |
| |
have_forced = buffer_get_int(&m); |
| |
forced_command = have_forced ? xstrdup("true") : NULL; |
| |
|
| /* Send potential debug messages */ |
/* Send potential debug messages */ |
| mm_send_debug(&m); |
mm_send_debug(&m); |
| |
|
|
|
| Buffer m; |
Buffer m; |
| u_char *blob, *p; |
u_char *blob, *p; |
| u_int bloblen, plen; |
u_int bloblen, plen; |
| |
u_int32_t seqnr, packets; |
| |
u_int64_t blocks; |
| |
|
| buffer_init(&m); |
buffer_init(&m); |
| |
|
|
|
| buffer_put_string(&m, blob, bloblen); |
buffer_put_string(&m, blob, bloblen); |
| xfree(blob); |
xfree(blob); |
| |
|
| buffer_put_int(&m, packet_get_seqnr(MODE_OUT)); |
packet_get_state(MODE_OUT, &seqnr, &blocks, &packets); |
| buffer_put_int(&m, packet_get_seqnr(MODE_IN)); |
buffer_put_int(&m, seqnr); |
| |
buffer_put_int64(&m, blocks); |
| |
buffer_put_int(&m, packets); |
| |
packet_get_state(MODE_IN, &seqnr, &blocks, &packets); |
| |
buffer_put_int(&m, seqnr); |
| |
buffer_put_int64(&m, blocks); |
| |
buffer_put_int(&m, packets); |
| |
|
| debug3("%s: New keys have been sent", __func__); |
debug3("%s: New keys have been sent", __func__); |
| skip: |
skip: |
|
|
| u_int *numprompts, char ***prompts, u_int **echo_on) |
u_int *numprompts, char ***prompts, u_int **echo_on) |
| { |
{ |
| Buffer m; |
Buffer m; |
| int res; |
u_int success; |
| char *challenge; |
char *challenge; |
| |
|
| debug3("%s: entering", __func__); |
debug3("%s: entering", __func__); |
|
|
| |
|
| mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, |
| &m); |
&m); |
| res = buffer_get_int(&m); |
success = buffer_get_int(&m); |
| if (res == -1) { |
if (success == 0) { |
| debug3("%s: no challenge", __func__); |
debug3("%s: no challenge", __func__); |
| buffer_free(&m); |
buffer_free(&m); |
| return (-1); |
return (-1); |
|
|
| u_int *numprompts, char ***prompts, u_int **echo_on) |
u_int *numprompts, char ***prompts, u_int **echo_on) |
| { |
{ |
| Buffer m; |
Buffer m; |
| int len, res; |
int len; |
| |
u_int success; |
| char *p, *challenge; |
char *p, *challenge; |
| |
|
| debug3("%s: entering", __func__); |
debug3("%s: entering", __func__); |
|
|
| |
|
| mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, |
| &m); |
&m); |
| res = buffer_get_int(&m); |
success = buffer_get_int(&m); |
| if (res == -1) { |
if (success == 0) { |
| debug3("%s: no challenge", __func__); |
debug3("%s: no challenge", __func__); |
| buffer_free(&m); |
buffer_free(&m); |
| return (-1); |
return (-1); |
|
|
| Key *key; |
Key *key; |
| u_char *blob; |
u_char *blob; |
| u_int blen; |
u_int blen; |
| int allowed = 0; |
int allowed = 0, have_forced = 0; |
| |
|
| debug3("%s entering", __func__); |
debug3("%s entering", __func__); |
| |
|
|
|
| |
|
| allowed = buffer_get_int(&m); |
allowed = buffer_get_int(&m); |
| |
|
| |
/* fake forced command */ |
| |
auth_clear_options(); |
| |
have_forced = buffer_get_int(&m); |
| |
forced_command = have_forced ? xstrdup("true") : NULL; |
| |
|
| if (allowed && rkey != NULL) { |
if (allowed && rkey != NULL) { |
| blob = buffer_get_string(&m, &blen); |
blob = buffer_get_string(&m, &blen); |
| if ((key = key_from_blob(blob, blen)) == NULL) |
if ((key = key_from_blob(blob, blen)) == NULL) |
|
|
| return (success); |
return (success); |
| } |
} |
| |
|
| #ifdef KRB4 |
#ifdef GSSAPI |
| int |
OM_uint32 |
| mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) |
mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) |
| { |
{ |
| KTEXT auth, reply; |
Buffer m; |
| Buffer m; |
OM_uint32 major; |
| u_int rlen; |
|
| int success = 0; |
|
| char *p; |
|
| |
|
| debug3("%s entering", __func__); |
/* Client doesn't get to see the context */ |
| auth = _auth; |
*ctx = NULL; |
| reply = _reply; |
|
| |
|
| buffer_init(&m); |
buffer_init(&m); |
| buffer_put_string(&m, auth->dat, auth->length); |
buffer_put_string(&m, oid->elements, oid->length); |
| |
|
| mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m); |
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m); |
| mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m); |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m); |
| |
|
| success = buffer_get_int(&m); |
major = buffer_get_int(&m); |
| if (success) { |
|
| *client = buffer_get_string(&m, NULL); |
|
| p = buffer_get_string(&m, &rlen); |
|
| if (rlen >= MAX_KTXT_LEN) |
|
| fatal("%s: reply from monitor too large", __func__); |
|
| reply->length = rlen; |
|
| memcpy(reply->dat, p, rlen); |
|
| memset(p, 0, rlen); |
|
| xfree(p); |
|
| } |
|
| buffer_free(&m); |
buffer_free(&m); |
| return (success); |
return (major); |
| } |
} |
| #endif |
|
| |
|
| #ifdef KRB5 |
OM_uint32 |
| int |
mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, |
| mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp) |
gss_buffer_desc *out, OM_uint32 *flags) |
| { |
{ |
| krb5_data *tkt, *reply; |
|
| Buffer m; |
Buffer m; |
| int success; |
OM_uint32 major; |
| |
u_int len; |
| |
|
| debug3("%s entering", __func__); |
|
| tkt = (krb5_data *) argp; |
|
| reply = (krb5_data *) resp; |
|
| |
|
| buffer_init(&m); |
buffer_init(&m); |
| buffer_put_string(&m, tkt->data, tkt->length); |
buffer_put_string(&m, in->value, in->length); |
| |
|
| mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m); |
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m); |
| mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m); |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m); |
| |
|
| success = buffer_get_int(&m); |
major = buffer_get_int(&m); |
| if (success) { |
out->value = buffer_get_string(&m, &len); |
| u_int len; |
out->length = len; |
| |
if (flags) |
| |
*flags = buffer_get_int(&m); |
| |
|
| *userp = buffer_get_string(&m, NULL); |
buffer_free(&m); |
| reply->data = buffer_get_string(&m, &len); |
|
| reply->length = len; |
|
| } else { |
|
| memset(reply, 0, sizeof(*reply)); |
|
| *userp = NULL; |
|
| } |
|
| |
|
| |
return (major); |
| |
} |
| |
|
| |
int |
| |
mm_ssh_gssapi_userok(char *user) |
| |
{ |
| |
Buffer m; |
| |
int authenticated = 0; |
| |
|
| |
buffer_init(&m); |
| |
|
| |
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m); |
| |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, |
| |
&m); |
| |
|
| |
authenticated = buffer_get_int(&m); |
| |
|
| buffer_free(&m); |
buffer_free(&m); |
| return (success); |
debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); |
| |
return (authenticated); |
| } |
} |
| #endif |
#endif /* GSSAPI */ |
![[BACK]](/icons/back.gif){kind=icon}
Return to monitor_wrap.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh