=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/monitor_wrap.c,v retrieving revision 1.19 retrieving revision 1.19.2.2 diff -u -r1.19 -r1.19.2.2 --- src/usr.bin/ssh/monitor_wrap.c 2002/09/26 11:38:43 1.19 +++ src/usr.bin/ssh/monitor_wrap.c 2003/09/16 21:20:26 1.19.2.2 @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.19.2.2 2003/09/16 21:20:26 brad Exp $"); #include #include @@ -34,6 +34,7 @@ #include "dh.h" #include "kex.h" #include "auth.h" +#include "auth-options.h" #include "buffer.h" #include "bufaux.h" #include "packet.h" @@ -51,6 +52,10 @@ #include "channels.h" #include "session.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif + /* Imports */ extern int compat20; extern Newkeys *newkeys[]; @@ -69,9 +74,9 @@ PUT_32BIT(buf, mlen + 1); buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ - if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf)) + if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf)) fatal("%s: write", __func__); - if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen) + if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen) fatal("%s: write", __func__); } @@ -310,7 +315,7 @@ Buffer m; u_char *blob; u_int len; - int allowed = 0; + int allowed = 0, have_forced = 0; debug3("%s entering", __func__); @@ -332,6 +337,11 @@ allowed = buffer_get_int(&m); + /* fake forced command */ + auth_clear_options(); + have_forced = buffer_get_int(&m); + forced_command = have_forced ? xstrdup("true") : NULL; + /* Send potential debug messages */ mm_send_debug(&m); @@ -512,6 +522,8 @@ Buffer m; u_char *blob, *p; u_int bloblen, plen; + u_int32_t seqnr, packets; + u_int64_t blocks; buffer_init(&m); @@ -560,8 +572,14 @@ buffer_put_string(&m, blob, bloblen); xfree(blob); - buffer_put_int(&m, packet_get_seqnr(MODE_OUT)); - buffer_put_int(&m, packet_get_seqnr(MODE_IN)); + packet_get_state(MODE_OUT, &seqnr, &blocks, &packets); + buffer_put_int(&m, seqnr); + buffer_put_int64(&m, blocks); + buffer_put_int(&m, packets); + packet_get_state(MODE_IN, &seqnr, &blocks, &packets); + buffer_put_int(&m, seqnr); + buffer_put_int64(&m, blocks); + buffer_put_int(&m, packets); debug3("%s: New keys have been sent", __func__); skip: @@ -695,7 +713,7 @@ u_int *numprompts, char ***prompts, u_int **echo_on) { Buffer m; - int res; + u_int success; char *challenge; debug3("%s: entering", __func__); @@ -705,8 +723,8 @@ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, &m); - res = buffer_get_int(&m); - if (res == -1) { + success = buffer_get_int(&m); + if (success == 0) { debug3("%s: no challenge", __func__); buffer_free(&m); return (-1); @@ -752,7 +770,8 @@ u_int *numprompts, char ***prompts, u_int **echo_on) { Buffer m; - int len, res; + int len; + u_int success; char *p, *challenge; debug3("%s: entering", __func__); @@ -762,8 +781,8 @@ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, &m); - res = buffer_get_int(&m); - if (res == -1) { + success = buffer_get_int(&m); + if (success == 0) { debug3("%s: no challenge", __func__); buffer_free(&m); return (-1); @@ -833,7 +852,7 @@ Key *key; u_char *blob; u_int blen; - int allowed = 0; + int allowed = 0, have_forced = 0; debug3("%s entering", __func__); @@ -845,6 +864,11 @@ allowed = buffer_get_int(&m); + /* fake forced command */ + auth_clear_options(); + have_forced = buffer_get_int(&m); + forced_command = have_forced ? xstrdup("true") : NULL; + if (allowed && rkey != NULL) { blob = buffer_get_string(&m, &blen); if ((key = key_from_blob(blob, blen)) == NULL) @@ -918,73 +942,69 @@ return (success); } -#ifdef KRB4 -int -mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) +#ifdef GSSAPI +OM_uint32 +mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) { - KTEXT auth, reply; - Buffer m; - u_int rlen; - int success = 0; - char *p; + Buffer m; + OM_uint32 major; - debug3("%s entering", __func__); - auth = _auth; - reply = _reply; + /* Client doesn't get to see the context */ + *ctx = NULL; buffer_init(&m); - buffer_put_string(&m, auth->dat, auth->length); + buffer_put_string(&m, oid->elements, oid->length); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m); - success = buffer_get_int(&m); - if (success) { - *client = buffer_get_string(&m, NULL); - p = buffer_get_string(&m, &rlen); - if (rlen >= MAX_KTXT_LEN) - fatal("%s: reply from monitor too large", __func__); - reply->length = rlen; - memcpy(reply->dat, p, rlen); - memset(p, 0, rlen); - xfree(p); - } + major = buffer_get_int(&m); + buffer_free(&m); - return (success); + return (major); } -#endif -#ifdef KRB5 -int -mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp) +OM_uint32 +mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, + gss_buffer_desc *out, OM_uint32 *flags) { - krb5_data *tkt, *reply; Buffer m; - int success; + OM_uint32 major; + u_int len; - debug3("%s entering", __func__); - tkt = (krb5_data *) argp; - reply = (krb5_data *) resp; - buffer_init(&m); - buffer_put_string(&m, tkt->data, tkt->length); + buffer_put_string(&m, in->value, in->length); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m); - success = buffer_get_int(&m); - if (success) { - u_int len; + major = buffer_get_int(&m); + out->value = buffer_get_string(&m, &len); + out->length = len; + if (flags) + *flags = buffer_get_int(&m); - *userp = buffer_get_string(&m, NULL); - reply->data = buffer_get_string(&m, &len); - reply->length = len; - } else { - memset(reply, 0, sizeof(*reply)); - *userp = NULL; - } + buffer_free(&m); + return (major); +} + +int +mm_ssh_gssapi_userok(char *user) +{ + Buffer m; + int authenticated = 0; + + buffer_init(&m); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, + &m); + + authenticated = buffer_get_int(&m); + buffer_free(&m); - return (success); + debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); + return (authenticated); } -#endif +#endif /* GSSAPI */