return (success);
}
+
+#ifdef KRB4
+int
+mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
+{
+ KTEXT auth, reply;
+ Buffer m;
+ u_int rlen;
+ int success = 0;
+ char *p;
+
+ debug3("%s entering", __func__);
+ auth = _auth;
+ reply = _reply;
+
+ buffer_init(&m);
+ buffer_put_string(&m, auth->dat, auth->length);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m);
+
+ success = buffer_get_int(&m);
+ if (success) {
+ *client = buffer_get_string(&m, NULL);
+ p = buffer_get_string(&m, &rlen);
+ if (rlen >= MAX_KTXT_LEN)
+ fatal("%s: reply from monitor too large", __func__);
+ reply->length = rlen;
+ memcpy(reply->dat, p, rlen);
+ memset(p, 0, rlen);
+ xfree(p);
+ }
+ buffer_free(&m);
+ return (success);
+}
+#endif
+
+#ifdef KRB5
+int
+mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp)
+{
+ krb5_data *tkt, *reply;
+ Buffer m;
+ int success;
+
+ debug3("%s entering", __func__);
+ tkt = (krb5_data *) argp;
+ reply = (krb5_data *) resp;
+
+ buffer_init(&m);
+ buffer_put_string(&m, tkt->data, tkt->length);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m);
+
+ success = buffer_get_int(&m);
+ if (success) {
+ u_int len;
+
+ *userp = buffer_get_string(&m, NULL);
+ reply->data = buffer_get_string(&m, &len);
+ reply->length = len;
+ } else {
+ memset(reply, 0, sizeof(*reply));
+ *userp = NULL;
+ }
+
+ buffer_free(&m);
+ return (success);
+}
+#endif
#ifdef GSSAPI
OM_uint32
mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
buffer_put_string(&m,oid->elements,oid->length);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSSETUP",__func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
+
major=buffer_get_int(&m);
+ buffer_free(&m);
return(major);
}
OM_uint32
mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
gss_buffer_desc *out, OM_uint32 *flags) {
-
+
Buffer m;
OM_uint32 major;
buffer_init(&m);
buffer_put_string(&m, in->value, in->length);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
- debug3("%s: waiting for MONITOR_ANS_GSSSTEP", __func__);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
major=buffer_get_int(&m);
out->value=buffer_get_string(&m,&out->length);
if (flags) *flags=buffer_get_int(&m);
+ buffer_free(&m);
+
return(major);
}
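Review bot: `out->value=buffer_get_string(&m,&out->length);` in mm_ssh_gssapi_accept_ctx passes the address of a gss_buffer_desc length field to a parameter that every other call site on this page treats as `u_int *` (`u_int rlen`, `u_int len`, `u_int length`). In the standard GSS-API headers that field is a size_t, so on an LP64 build only part of it would be written and the remaining bytes keep whatever the caller's `out` held before. That stale length then travels with a buffer that came from the monitor. mm_ssh_gssapi_sign has the same pattern with `&hash->length`. Reading into a local, as mm_gss_indicate_mechs already does, avoids it: `u_int len; out->value = buffer_get_string(&m, &len); out->length = len;`.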
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
- debug3("%s: waiting for MONITOR_ANS_GSSUSEROK", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
&m);
return(authenticated);
}
-int
-mm_ssh_gssapi_localname(char **lname)
-{
- Buffer m;
-
- buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSLOCALNAME, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSLOCALNAME", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSLOCALNAME,
- &m);
-
- *lname = buffer_get_string(&m, NULL);
-
- buffer_free(&m);
- if (lname[0] == '\0') {
- debug3("%s: gssapi identity mapping failed", __func__);
- } else {
- debug3("%s: gssapi identity mapped to %s", __func__, *lname);
- }
-
- return(0);
-}
-
OM_uint32
mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) {
Buffer m;
buffer_put_string(&m, data->value, data->length);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSSIGN",__func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m);
+
major=buffer_get_int(&m);
hash->value = buffer_get_string(&m, &hash->length);
+ buffer_free(&m);
+
return(major);
}
+char *
+mm_ssh_gssapi_last_error(Gssctxt *ctx, OM_uint32 *major, OM_uint32 *minor) {
+ Buffer m;
+ OM_uint32 maj,min;
+ char *errstr;
+
+ buffer_init(&m);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSERR, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSERR, &m);
+
+ maj = buffer_get_int(&m);
+ min = buffer_get_int(&m);
+
+ if (major) *major=maj;
+ if (minor) *minor=min;
+
+ errstr=buffer_get_string(&m,NULL);
+
+ buffer_free(&m);
+
+ return(errstr);
+}
+
OM_uint32
mm_gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set)
{
Buffer m;
- OM_uint32 major, lmajor, lminor;
- int i=0, count;
-
+ OM_uint32 major,minor;
+ int count;
+ gss_OID_desc oid;
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSMECHS, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSMECHS",__func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSMECHS,
&m);
major=buffer_get_int(&m);
- lmajor=gss_create_empty_oid_set(&lminor, mech_set);
count=buffer_get_int(&m);
- for (i=0; i < count; i++) {
- gss_OID_desc member_oid;
+
+ gss_create_empty_oid_set(&minor,mech_set);
+ while(count-->0) {
u_int length;
- member_oid.elements=buffer_get_string(&m, &length);
- member_oid.length=length;
- lmajor=gss_add_oid_set_member(&lminor, &member_oid, mech_set);
+ oid.elements=buffer_get_string(&m,&length);
+ oid.length=length;
+ gss_add_oid_set_member(&minor,&oid,mech_set);
}
+ buffer_free(&m);
+
return(major);
}
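Review bot: In mm_gss_indicate_mechs the string returned by `buffer_get_string(&m,&length)` is stored in `oid.elements` and never released, so each mechanism received from the monitor leaks one allocation. RFC 2744 has gss_add_oid_set_member insert a copy of the OID, so the temporary can be freed right after the call with `xfree(oid.elements);`. The return values of gss_create_empty_oid_set and gss_add_oid_set_member are also discarded, and `*minor_status` is never written in the visible body. A failure to build the set would therefore still be reported to the caller as the monitor's `major`, with an incomplete `*mech_set`. Checking each call with `GSS_ERROR(...)` and returning that status instead would keep the mechanism list and the reported status consistent.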
-OM_uint32
-mm_gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value,
- int status_type, const gss_OID mech_type,
- OM_uint32 *message_context, gss_buffer_t status_string)
+int
+mm_ssh_gssapi_localname(char **lname)
{
Buffer m;
- OM_uint32 major;
buffer_init(&m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSLOCALNAME, &m);
- buffer_put_int(&m, status_value);
- buffer_put_int(&m, status_type);
- if (mech_type) {
- buffer_put_string(&m, mech_type->elements, mech_type->length);
- } else {
- buffer_put_string(&m, "", 0);
- }
- if (message_context) {
- buffer_put_int(&m, *message_context);
- } else {
- buffer_put_int(&m, 0);
- }
+ debug3("%s: waiting for MONITOR_ANS_GSSLOCALNAME", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSLOCALNAME,
+ &m);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTAT, &m);
+ *lname = buffer_get_string(&m, NULL);
- debug3("%s: waiting for MONITOR_ANS_GSSMECHS",__func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTAT,
- &m);
-
- if (message_context) {
- *message_context = buffer_get_int(&m);
+ buffer_free(&m);
+ if (lname[0] == '\0') {
+ debug3("%s: gssapi identity mapping failed", __func__);
} else {
- buffer_get_int(&m);
+ debug3("%s: gssapi identity mapped to %s", __func__, *lname);
}
- status_string->value = buffer_get_string(&m, &status_string->length);
-
- return major;
-}
+
+ return(0);
+}
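Review bot: The failure test in mm_ssh_gssapi_localname, `if (lname[0] == '\0')`, compares the returned pointer itself with zero rather than the first character of the string, because `lname` is a `char **`. Other code on this page uses the result of buffer_get_string without a NULL check (`memcpy(reply->dat, p, rlen)`), so that pointer is presumably never NULL. If so, the "identity mapping failed" branch is dead and an empty name from the monitor is logged as a successful mapping. The test should read `if ((*lname)[0] == '\0')`. The function returns 0 in both cases, so a short comment should say that callers must reject an empty `*lname` themselves before treating it as a local account name.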
#endif /* GSSAPI */
#ifdef GSI
buffer_put_cstring(&m, subject_name);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSIGRIDMAP, &m);
- debug3("%s: waiting for MONITOR_ANS_GSIGRIDMAP", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSIGRIDMAP,
&m);
}
#endif /* GSI */
-
-#ifdef KRB4
-int
-mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
-{
- KTEXT auth, reply;
- Buffer m;
- u_int rlen;
- int success = 0;
- char *p;
-
- debug3("%s entering", __func__);
- auth = _auth;
- reply = _reply;
-
- buffer_init(&m);
- buffer_put_string(&m, auth->dat, auth->length);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m);
-
- success = buffer_get_int(&m);
- if (success) {
- *client = buffer_get_string(&m, NULL);
- p = buffer_get_string(&m, &rlen);
- if (rlen >= MAX_KTXT_LEN)
- fatal("%s: reply from monitor too large", __func__);
- reply->length = rlen;
- memcpy(reply->dat, p, rlen);
- memset(p, 0, rlen);
- xfree(p);
- }
- buffer_free(&m);
- return (success);
-}
-#endif
-
-#ifdef KRB5
-int
-mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp)
-{
- krb5_data *tkt, *reply;
- Buffer m;
- int success;
-
- debug3("%s entering", __func__);
- tkt = (krb5_data *) argp;
- reply = (krb5_data *) resp;
-
- buffer_init(&m);
- buffer_put_string(&m, tkt->data, tkt->length);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m);
-
- success = buffer_get_int(&m);
- if (success) {
- u_int len;
-
- *userp = buffer_get_string(&m, NULL);
- reply->data = buffer_get_string(&m, &len);
- reply->length = len;
- } else {
- memset(reply, 0, sizeof(*reply));
- *userp = NULL;
- }
-
- buffer_free(&m);
- return (success);
-}
-#endif