=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/monitor_wrap.c,v retrieving revision 1.22.2.2 retrieving revision 1.23 diff -u -r1.22.2.2 -r1.23 --- src/usr.bin/ssh/monitor_wrap.c 2004/03/04 18:18:16 1.22.2.2 +++ src/usr.bin/ssh/monitor_wrap.c 2003/04/01 10:10:23 1.23 @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.22.2.2 2004/03/04 18:18:16 brad Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.23 2003/04/01 10:10:23 markus Exp $"); #include #include @@ -52,10 +52,6 @@ #include "channels.h" #include "session.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif - /* Imports */ extern int compat20; extern Newkeys *newkeys[]; @@ -64,16 +60,6 @@ extern struct monitor *pmonitor; extern Buffer input, output; -int -mm_is_monitor(void) -{ - /* - * m_pid is only set in the privileged part, and - * points to the unprivileged child. - */ - return (pmonitor && pmonitor->m_pid > 0); -} - void mm_request_send(int socket, enum monitor_reqtype type, Buffer *m) { @@ -84,9 +70,9 @@ PUT_32BIT(buf, mlen + 1); buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ - if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf)) + if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf)) fatal("%s: write", __func__); - if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen) + if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen) fatal("%s: write", __func__); } @@ -102,7 +88,7 @@ res = atomicio(read, socket, buf, sizeof(buf)); if (res != sizeof(buf)) { if (res == 0) - cleanup_exit(255); + fatal_cleanup(); fatal("%s: read: %ld", __func__, (long)res); } msg_len = GET_32BIT(buf); @@ -220,8 +206,7 @@ return (pw); } -char * -mm_auth2_read_banner(void) +char *mm_auth2_read_banner(void) { Buffer m; char *banner; 
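Review bot: In the `@@ -102,7 +88,7 @@` hunk, the `res == 0` branch relies on `fatal_cleanup()` never returning and exits without logging anything. If that call did return, control would fall through to `fatal("%s: read: %ld", ...)` and report a read error with `res` equal to 0. A one-line comment such as `/* EOF: peer closed the monitor socket; run cleanup handlers and exit */` would make the intent explicit, and a `debug3("%s: monitor socket closed by peer", __func__);` before it would let an operator tell a peer exit apart from a crash. `msg_len` is then taken straight from the peer's 4-byte header; any upper bound on it lies outside this hunk and should be confirmed, since the function body continues past the visible lines.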
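Review bot: In the `@@ -220,8 +206,7 @@` hunk, `char *mm_auth2_read_banner(void)` puts the return type and the name on one line, while the other definitions visible in this diff (`mm_request_send`, `mm_session_pty_cleanup2`, `mm_auth_krb4`) keep the return type on its own line. Keeping the two-line form `char *` / `mm_auth2_read_banner(void)` preserves the file's convention and keeps function names greppable at column 0. The function body continues outside this hunk.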
@@ -232,16 +217,10 @@ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); buffer_clear(&m); - mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_AUTH2_READ_BANNER, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m); banner = buffer_get_string(&m, NULL); buffer_free(&m); - /* treat empty banner as missing banner */ - if (strlen(banner) == 0) { - xfree(banner); - banner = NULL; - } return (banner); } @@ -593,7 +572,7 @@ buffer_put_int(&m, seqnr); buffer_put_int64(&m, blocks); buffer_put_int(&m, packets); - packet_get_state(MODE_IN, &seqnr, &blocks, &packets); + packet_get_state(MODE_OUT, &seqnr, &blocks, &packets); buffer_put_int(&m, seqnr); buffer_put_int64(&m, blocks); buffer_put_int(&m, packets); @@ -661,8 +640,9 @@ } void -mm_session_pty_cleanup2(Session *s) +mm_session_pty_cleanup2(void *session) { + Session *s = session; Buffer m; if (s->ttyfd == -1) 
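Review bot: On the new side `mm_auth2_read_banner()` returns whatever `buffer_get_string()` produced, so a zero-length banner from the monitor comes back as an empty heap string instead of NULL. Callers are not visible here, but one that only tests `banner == NULL` would go on to send an empty banner message to the client. Either keep the normalisation (`if (strlen(banner) == 0) { xfree(banner); banner = NULL; }`) or document in a header comment that the result may be an empty string which the caller must free. The joined `mm_request_receive_expect(...)` call also runs past 80 columns. The function starts above this hunk.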
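Review bot: In the `@@ -593,7 +572,7 @@` hunk, the second `packet_get_state()` call reads `MODE_OUT`, and the first call of the pair is above the hunk and cannot be checked from here. If that earlier call also reads `MODE_OUT`, the same sequence number and block/packet counters are serialised twice and the inbound state is never exported. The receiving process would then restore a wrong inbound sequence number, which feeds the MAC, and wrong rekey counters. Please confirm the two calls cover both directions, and label each with a comment such as `/* outbound counters */` and `/* inbound counters */` so a swap is obvious in review.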
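Review bot: In the `@@ -661,8 +640,9 @@` hunk, `session` is dereferenced in the first statement (`s->ttyfd`) with no NULL check. The `void *` parameter also removes the compile-time guarantee that callers pass a `Session *`. The signature presumably changed so the function can be registered as a generic callback; if so, state the contract at the top, for example `/* session must be a non-NULL Session *; void * only to match the callback type */`, or add `if (s == NULL) return;` before the `ttyfd` test. The rest of the body is outside this hunk.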
@@ -958,88 +938,73 @@ return (success); } -#ifdef GSSAPI -OM_uint32 -mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) +#ifdef KRB4 +int +mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) { - Buffer m; - OM_uint32 major; + KTEXT auth, reply; + Buffer m; + u_int rlen; + int success = 0; + char *p; - /* Client doesn't get to see the context */ - *ctx = NULL; + debug3("%s entering", __func__); + auth = _auth; + reply = _reply; buffer_init(&m); - buffer_put_string(&m, oid->elements, oid->length); + buffer_put_string(&m, auth->dat, auth->length); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m); - major = buffer_get_int(&m); - + success = buffer_get_int(&m); + if (success) { + *client = buffer_get_string(&m, NULL); + p = buffer_get_string(&m, &rlen); + if (rlen >= MAX_KTXT_LEN) + fatal("%s: reply from monitor too large", __func__); + reply->length = rlen; + memcpy(reply->dat, p, rlen); + memset(p, 0, rlen); + xfree(p); + } buffer_free(&m); - return (major); + return (success); } +#endif -OM_uint32 -mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, - gss_buffer_desc *out, OM_uint32 *flags) +#ifdef KRB5 +int +mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp) { + krb5_data *tkt, *reply; Buffer m; - OM_uint32 major; - u_int len; + int success; - buffer_init(&m); - buffer_put_string(&m, in->value, in->length); + debug3("%s entering", __func__); + tkt = (krb5_data *) argp; + reply = (krb5_data *) resp; - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m); - - major = buffer_get_int(&m); - out->value = buffer_get_string(&m, &len); - out->length = len; - if (flags) - *flags = buffer_get_int(&m); - - buffer_free(&m); - - return 
(major); -} - -OM_uint32 -mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) -{ - Buffer m; - OM_uint32 major; - buffer_init(&m); - buffer_put_string(&m, gssbuf->value, gssbuf->length); - buffer_put_string(&m, gssmic->value, gssmic->length); + buffer_put_string(&m, tkt->data, tkt->length); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC, - &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m); - major = buffer_get_int(&m); - buffer_free(&m); - return(major); -} + success = buffer_get_int(&m); + if (success) { + u_int len; -int -mm_ssh_gssapi_userok(char *user) -{ - Buffer m; - int authenticated = 0; + *userp = buffer_get_string(&m, NULL); + reply->data = buffer_get_string(&m, &len); + reply->length = len; + } else { + memset(reply, 0, sizeof(*reply)); + *userp = NULL; + } - buffer_init(&m); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, - &m); - - authenticated = buffer_get_int(&m); - buffer_free(&m); - debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); - return (authenticated); + return (success); } -#endif /* GSSAPI */ +#endif
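Review bot: `mm_auth_krb4()` leaves `*client` and `reply` untouched when the monitor reports failure, whereas `mm_auth_krb5()` in the same hunk sets `*userp = NULL` and zeroes `reply`. A caller that inspects `*client` after a failed call would read an indeterminate pointer, so add `else { *client = NULL; reply->length = 0; }` to match. In `mm_auth_krb5()` no `buffer_free(&m);` is visible on the new side before `return (success);`, although `mm_auth_krb4()` has one; if that reading of the collapsed hunk is right, each call leaks the buffer, and `buffer_free(&m);` belongs before the return. The `memset(p, 0, rlen)` immediately before `xfree(p)` may also be dropped by an optimising compiler, so wiping the Kerberos reply should not rely on it alone.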