| version 1.22.2.2, 2004/03/04 18:18:16 |
version 1.23, 2003/04/01 10:10:23 |
|
|
| #include "channels.h" |
#include "channels.h" |
| #include "session.h" |
#include "session.h" |
| |
|
| #ifdef GSSAPI |
|
| #include "ssh-gss.h" |
|
| #endif |
|
| |
|
| /* Imports */ |
/* Imports */ |
| extern int compat20; |
extern int compat20; |
| extern Newkeys *newkeys[]; |
extern Newkeys *newkeys[]; |
|
|
| extern struct monitor *pmonitor; |
extern struct monitor *pmonitor; |
| extern Buffer input, output; |
extern Buffer input, output; |
| |
|
| int |
|
| mm_is_monitor(void) |
|
| { |
|
| /* |
|
| * m_pid is only set in the privileged part, and |
|
| * points to the unprivileged child. |
|
| */ |
|
| return (pmonitor && pmonitor->m_pid > 0); |
|
| } |
|
| |
|
| void |
void |
| mm_request_send(int socket, enum monitor_reqtype type, Buffer *m) |
mm_request_send(int socket, enum monitor_reqtype type, Buffer *m) |
| { |
{ |
|
|
| |
|
| PUT_32BIT(buf, mlen + 1); |
PUT_32BIT(buf, mlen + 1); |
| buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ |
buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ |
| if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf)) |
if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf)) |
| fatal("%s: write", __func__); |
fatal("%s: write", __func__); |
| if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen) |
if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen) |
| fatal("%s: write", __func__); |
fatal("%s: write", __func__); |
| } |
} |
| |
|
|
|
| res = atomicio(read, socket, buf, sizeof(buf)); |
res = atomicio(read, socket, buf, sizeof(buf)); |
| if (res != sizeof(buf)) { |
if (res != sizeof(buf)) { |
| if (res == 0) |
if (res == 0) |
| cleanup_exit(255); |
fatal_cleanup(); |
| fatal("%s: read: %ld", __func__, (long)res); |
fatal("%s: read: %ld", __func__, (long)res); |
| } |
} |
| msg_len = GET_32BIT(buf); |
msg_len = GET_32BIT(buf); |
|
|
| return (pw); |
return (pw); |
| } |
} |
| |
|
| char * |
char *mm_auth2_read_banner(void) |
| mm_auth2_read_banner(void) |
|
| { |
{ |
| Buffer m; |
Buffer m; |
| char *banner; |
char *banner; |
|
|
| mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); |
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); |
| buffer_clear(&m); |
buffer_clear(&m); |
| |
|
| mm_request_receive_expect(pmonitor->m_recvfd, |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m); |
| MONITOR_ANS_AUTH2_READ_BANNER, &m); |
|
| banner = buffer_get_string(&m, NULL); |
banner = buffer_get_string(&m, NULL); |
| buffer_free(&m); |
buffer_free(&m); |
| |
|
| /* treat empty banner as missing banner */ |
|
| if (strlen(banner) == 0) { |
|
| xfree(banner); |
|
| banner = NULL; |
|
| } |
|
| return (banner); |
return (banner); |
| } |
} |
| |
|
|
|
| buffer_put_int(&m, seqnr); |
buffer_put_int(&m, seqnr); |
| buffer_put_int64(&m, blocks); |
buffer_put_int64(&m, blocks); |
| buffer_put_int(&m, packets); |
buffer_put_int(&m, packets); |
| packet_get_state(MODE_IN, &seqnr, &blocks, &packets); |
packet_get_state(MODE_OUT, &seqnr, &blocks, &packets); |
| buffer_put_int(&m, seqnr); |
buffer_put_int(&m, seqnr); |
| buffer_put_int64(&m, blocks); |
buffer_put_int64(&m, blocks); |
| buffer_put_int(&m, packets); |
buffer_put_int(&m, packets); |
|
|
| } |
} |
| |
|
| void |
void |
| mm_session_pty_cleanup2(Session *s) |
mm_session_pty_cleanup2(void *session) |
| { |
{ |
| |
Session *s = session; |
| Buffer m; |
Buffer m; |
| |
|
| if (s->ttyfd == -1) |
if (s->ttyfd == -1) |
|
|
| return (success); |
return (success); |
| } |
} |
| |
|
| #ifdef GSSAPI |
#ifdef KRB4 |
| OM_uint32 |
int |
| mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) |
mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) |
| { |
{ |
| Buffer m; |
KTEXT auth, reply; |
| OM_uint32 major; |
Buffer m; |
| |
u_int rlen; |
| |
int success = 0; |
| |
char *p; |
| |
|
| /* Client doesn't get to see the context */ |
debug3("%s entering", __func__); |
| *ctx = NULL; |
auth = _auth; |
| |
reply = _reply; |
| |
|
| buffer_init(&m); |
buffer_init(&m); |
| buffer_put_string(&m, oid->elements, oid->length); |
buffer_put_string(&m, auth->dat, auth->length); |
| |
|
| mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m); |
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m); |
| mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m); |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m); |
| |
|
| major = buffer_get_int(&m); |
success = buffer_get_int(&m); |
| |
if (success) { |
| |
*client = buffer_get_string(&m, NULL); |
| |
p = buffer_get_string(&m, &rlen); |
| |
if (rlen >= MAX_KTXT_LEN) |
| |
fatal("%s: reply from monitor too large", __func__); |
| |
reply->length = rlen; |
| |
memcpy(reply->dat, p, rlen); |
| |
memset(p, 0, rlen); |
| |
xfree(p); |
| |
} |
| buffer_free(&m); |
buffer_free(&m); |
| return (major); |
return (success); |
| } |
} |
| |
#endif |
| |
|
| OM_uint32 |
#ifdef KRB5 |
| mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, |
int |
| gss_buffer_desc *out, OM_uint32 *flags) |
mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp) |
| { |
{ |
| |
krb5_data *tkt, *reply; |
| Buffer m; |
Buffer m; |
| OM_uint32 major; |
int success; |
| u_int len; |
|
| |
|
| buffer_init(&m); |
debug3("%s entering", __func__); |
| buffer_put_string(&m, in->value, in->length); |
tkt = (krb5_data *) argp; |
| |
reply = (krb5_data *) resp; |
| |
|
| mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m); |
|
| mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m); |
|
| |
|
| major = buffer_get_int(&m); |
|
| out->value = buffer_get_string(&m, &len); |
|
| out->length = len; |
|
| if (flags) |
|
| *flags = buffer_get_int(&m); |
|
| |
|
| buffer_free(&m); |
|
| |
|
| return (major); |
|
| } |
|
| |
|
| OM_uint32 |
|
| mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) |
|
| { |
|
| Buffer m; |
|
| OM_uint32 major; |
|
| |
|
| buffer_init(&m); |
buffer_init(&m); |
| buffer_put_string(&m, gssbuf->value, gssbuf->length); |
buffer_put_string(&m, tkt->data, tkt->length); |
| buffer_put_string(&m, gssmic->value, gssmic->length); |
|
| |
|
| mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m); |
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m); |
| mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC, |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m); |
| &m); |
|
| |
|
| major = buffer_get_int(&m); |
success = buffer_get_int(&m); |
| buffer_free(&m); |
if (success) { |
| return(major); |
u_int len; |
| } |
|
| |
|
| int |
*userp = buffer_get_string(&m, NULL); |
| mm_ssh_gssapi_userok(char *user) |
reply->data = buffer_get_string(&m, &len); |
| { |
reply->length = len; |
| Buffer m; |
} else { |
| int authenticated = 0; |
memset(reply, 0, sizeof(*reply)); |
| |
*userp = NULL; |
| |
} |
| |
|
| buffer_init(&m); |
|
| |
|
| mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m); |
|
| mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, |
|
| &m); |
|
| |
|
| authenticated = buffer_get_int(&m); |
|
| |
|
| buffer_free(&m); |
buffer_free(&m); |
| debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); |
return (success); |
| return (authenticated); |
|
| } |
} |
| #endif /* GSSAPI */ |
#endif |
![[BACK]](/icons/back.gif){kind=icon}
Return to monitor_wrap.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh