Import of OpenSSH 3.7p1

[gssapi-openssh.git] / openssh / monitor_wrap.c

diff --git a/openssh/monitor_wrap.c b/openssh/monitor_wrap.c
index c5e3fb988edfd186225b76eb56dc2019a35f356c..4034d569cdda669ad4eec90a754b9455effac859 100644 (file)
--- a/openssh/monitor_wrap.c
+++ b/openssh/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.7 2002/05/15 15:47:49 mouring Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.31 2003/08/28 12:54:34 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.7 2002/05/15 15:47:49 mouring Exp $");
 #include "dh.h"
 #include "kex.h"
 #include "auth.h"
+#include "auth-options.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "packet.h"
@@ -46,11 +47,16 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.7 2002/05/15 15:47:49 mouring Exp $");
 #include "atomicio.h"
 #include "monitor_fdpass.h"
 #include "getput.h"
+#include "servconf.h"
 
 #include "auth.h"
 #include "channels.h"
 #include "session.h"
 
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+
 /* Imports */
 extern int compat20;
 extern Newkeys *newkeys[];
@@ -58,46 +64,47 @@ extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
 extern Buffer input, output;
+extern ServerOptions options;
 
 void
 mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
 {
-       u_char buf[5];
        u_int mlen = buffer_len(m);
+       u_char buf[5];
 
-       debug3("%s entering: type %d", __FUNCTION__, type);
+       debug3("%s entering: type %d", __func__, type);
 
        PUT_32BIT(buf, mlen + 1);
-       buf[4] = (u_char) type;         /* 1st byte of payload is mesg-type */
-       if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf))
-               fatal("%s: write", __FUNCTION__);
-       if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen)
-               fatal("%s: write", __FUNCTION__);
+       buf[4] = (u_char) type;         /* 1st byte of payload is mesg-type */
+       if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf))
+               fatal("%s: write", __func__);
+       if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen)
+               fatal("%s: write", __func__);
 }
 
 void
 mm_request_receive(int socket, Buffer *m)
 {
        u_char buf[4];
-       ssize_t res;
        u_int msg_len;
+       ssize_t res;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        res = atomicio(read, socket, buf, sizeof(buf));
        if (res != sizeof(buf)) {
                if (res == 0)
                        fatal_cleanup();
-               fatal("%s: read: %ld", __FUNCTION__, (long)res);
+               fatal("%s: read: %ld", __func__, (long)res);
        }
        msg_len = GET_32BIT(buf);
        if (msg_len > 256 * 1024)
-               fatal("%s: read: bad msg_len %d", __FUNCTION__, msg_len);
+               fatal("%s: read: bad msg_len %d", __func__, msg_len);
        buffer_clear(m);
        buffer_append_space(m, msg_len);
        res = atomicio(read, socket, buffer_ptr(m), msg_len);
        if (res != msg_len)
-               fatal("%s: read: %ld != msg_len", __FUNCTION__, (long)res);
+               fatal("%s: read: %ld != msg_len", __func__, (long)res);
 }
 
 void
@@ -105,12 +112,12 @@ mm_request_receive_expect(int socket, enum monitor_reqtype type, Buffer *m)
 {
        u_char rtype;
 
-       debug3("%s entering: type %d", __FUNCTION__, type);
+       debug3("%s entering: type %d", __func__, type);
 
        mm_request_receive(socket, m);
        rtype = buffer_get_char(m);
        if (rtype != type)
-               fatal("%s: read: rtype %d != type %d", __FUNCTION__,
+               fatal("%s: read: rtype %d != type %d", __func__,
                    rtype, type);
 }
 
@@ -128,21 +135,21 @@ mm_choose_dh(int min, int nbits, int max)
 
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
 
-       debug3("%s: waiting for MONITOR_ANS_MODULI", __FUNCTION__);
+       debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
 
        success = buffer_get_char(&m);
        if (success == 0)
-               fatal("%s: MONITOR_ANS_MODULI failed", __FUNCTION__);
+               fatal("%s: MONITOR_ANS_MODULI failed", __func__);
 
        if ((p = BN_new()) == NULL)
-               fatal("%s: BN_new failed", __FUNCTION__);
+               fatal("%s: BN_new failed", __func__);
        if ((g = BN_new()) == NULL)
-               fatal("%s: BN_new failed", __FUNCTION__);
+               fatal("%s: BN_new failed", __func__);
        buffer_get_bignum2(&m, p);
        buffer_get_bignum2(&m, g);
 
-       debug3("%s: remaining %d", __FUNCTION__, buffer_len(&m));
+       debug3("%s: remaining %d", __func__, buffer_len(&m));
        buffer_free(&m);
 
        return (dh_new_group(g, p));
@@ -154,7 +161,7 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
        Kex *kex = *pmonitor->m_pkex;
        Buffer m;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        buffer_init(&m);
        buffer_put_int(&m, kex->host_key_index(key));
@@ -162,7 +169,7 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
 
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
 
-       debug3("%s: waiting for MONITOR_ANS_SIGN", __FUNCTION__);
+       debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
        *sigp  = buffer_get_string(&m, lenp);
        buffer_free(&m);
@@ -177,14 +184,14 @@ mm_getpwnamallow(const char *login)
        struct passwd *pw;
        u_int pwlen;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        buffer_init(&m);
        buffer_put_cstring(&m, login);
 
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
 
-       debug3("%s: waiting for MONITOR_ANS_PWNAM", __FUNCTION__);
+       debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
 
        if (buffer_get_char(&m) == 0) {
@@ -193,7 +200,7 @@ mm_getpwnamallow(const char *login)
        }
        pw = buffer_get_string(&m, &pwlen);
        if (pwlen != sizeof(struct passwd))
-               fatal("%s: struct passwd size mismatch", __FUNCTION__);
+               fatal("%s: struct passwd size mismatch", __func__);
        pw->pw_name = buffer_get_string(&m, NULL);
        pw->pw_passwd = buffer_get_string(&m, NULL);
        pw->pw_gecos = buffer_get_string(&m, NULL);
@@ -207,12 +214,12 @@ mm_getpwnamallow(const char *login)
        return (pw);
 }
 
-char* mm_auth2_read_banner(void)
+char *mm_auth2_read_banner(void)
 {
        Buffer m;
        char *banner;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        buffer_init(&m);
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
@@ -221,7 +228,7 @@ char* mm_auth2_read_banner(void)
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
        banner = buffer_get_string(&m, NULL);
        buffer_free(&m);
-       
+
        return (banner);
 }
 
@@ -232,7 +239,7 @@ mm_inform_authserv(char *service, char *style)
 {
        Buffer m;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        buffer_init(&m);
        buffer_put_cstring(&m, service);
@@ -250,13 +257,13 @@ mm_auth_password(Authctxt *authctxt, char *password)
        Buffer m;
        int authenticated = 0;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        buffer_init(&m);
        buffer_put_cstring(&m, password);
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
 
-       debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __FUNCTION__);
+       debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
 
        authenticated = buffer_get_int(&m);
@@ -264,7 +271,7 @@ mm_auth_password(Authctxt *authctxt, char *password)
        buffer_free(&m);
 
        debug3("%s: user %sauthenticated",
-           __FUNCTION__, authenticated ? "" : "not ");
+           __func__, authenticated ? "" : "not ");
        return (authenticated);
 }
 
@@ -300,7 +307,7 @@ mm_send_debug(Buffer *m)
 
        while (buffer_len(m)) {
                msg = buffer_get_string(m, NULL);
-               debug3("%s: Sending debug: %s", __FUNCTION__, msg);
+               debug3("%s: Sending debug: %s", __func__, msg);
                packet_send_debug("%s", msg);
                xfree(msg);
        }
@@ -312,9 +319,9 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
        Buffer m;
        u_char *blob;
        u_int len;
-       int allowed = 0;
+       int allowed = 0, have_forced = 0;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        /* Convert the key to a blob and the pass it over */
        if (!key_to_blob(key, &blob, &len))
@@ -329,11 +336,16 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
 
-       debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __FUNCTION__);
+       debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
 
        allowed = buffer_get_int(&m);
 
+       /* fake forced command */
+       auth_clear_options();
+       have_forced = buffer_get_int(&m);
+       forced_command = have_forced ? xstrdup("true") : NULL;
+
        /* Send potential debug messages */
        mm_send_debug(&m);
 
@@ -356,7 +368,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
        u_int len;
        int verified = 0;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        /* Convert the key to a blob and the pass it over */
        if (!key_to_blob(key, &blob, &len))
@@ -370,7 +382,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
 
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
 
-       debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __FUNCTION__);
+       debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
 
        verified = buffer_get_int(&m);
@@ -391,7 +403,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
        Mac *mac;
        Comp *comp;
 
-       debug3("%s: %p(%d)", __FUNCTION__, blob, blen);
+       debug3("%s: %p(%d)", __func__, blob, blen);
 #ifdef DEBUG_PK
        dump_base64(stderr, blob, blen);
 #endif
@@ -411,21 +423,21 @@ mm_newkeys_from_blob(u_char *blob, int blen)
        enc->key = buffer_get_string(&b, &enc->key_len);
        enc->iv = buffer_get_string(&b, &len);
        if (len != enc->block_size)
-               fatal("%s: bad ivlen: expected %d != %d", __FUNCTION__,
+               fatal("%s: bad ivlen: expected %u != %u", __func__,
                    enc->block_size, len);
 
        if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
-               fatal("%s: bad cipher name %s or pointer %p", __FUNCTION__,
+               fatal("%s: bad cipher name %s or pointer %p", __func__,
                    enc->name, enc->cipher);
 
        /* Mac structure */
        mac->name = buffer_get_string(&b, NULL);
        if (mac->name == NULL || mac_init(mac, mac->name) == -1)
-               fatal("%s: can not init mac %s", __FUNCTION__, mac->name);
+               fatal("%s: can not init mac %s", __func__, mac->name);
        mac->enabled = buffer_get_int(&b);
        mac->key = buffer_get_string(&b, &len);
        if (len > mac->key_len)
-               fatal("%s: bad mac key lenght: %d > %d", __FUNCTION__, len,
+               fatal("%s: bad mac key length: %u > %d", __func__, len,
                    mac->key_len);
        mac->key_len = len;
 
@@ -436,7 +448,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
 
        len = buffer_len(&b);
        if (len != 0)
-               error("newkeys_from_blob: remaining bytes in blob %d", len);
+               error("newkeys_from_blob: remaining bytes in blob %u", len);
        buffer_free(&b);
        return (newkey);
 }
@@ -446,16 +458,15 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
 {
        Buffer b;
        int len;
-       u_char *buf;
        Enc *enc;
        Mac *mac;
        Comp *comp;
        Newkeys *newkey = newkeys[mode];
 
-       debug3("%s: converting %p", __FUNCTION__, newkey);
+       debug3("%s: converting %p", __func__, newkey);
 
        if (newkey == NULL) {
-               error("%s: newkey == NULL", __FUNCTION__);
+               error("%s: newkey == NULL", __func__);
                return 0;
        }
        enc = &newkey->enc;
@@ -484,14 +495,14 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
        buffer_put_cstring(&b, comp->name);
 
        len = buffer_len(&b);
-       buf = xmalloc(len);
-       memcpy(buf, buffer_ptr(&b), len);
-       memset(buffer_ptr(&b), 0, len);
-       buffer_free(&b);
        if (lenp != NULL)
                *lenp = len;
-       if (blobp != NULL)
-               *blobp = buf;
+       if (blobp != NULL) {
+               *blobp = xmalloc(len);
+               memcpy(*blobp, buffer_ptr(&b), len);
+       }
+       memset(buffer_ptr(&b), 0, len);
+       buffer_free(&b);
        return len;
 }
 
@@ -515,18 +526,28 @@ mm_send_keystate(struct monitor *pmonitor)
        Buffer m;
        u_char *blob, *p;
        u_int bloblen, plen;
+       u_int32_t seqnr, packets;
+       u_int64_t blocks;
 
        buffer_init(&m);
 
        if (!compat20) {
                u_char iv[24];
-               int ivlen;
+               u_char *key;
+               u_int ivlen, keylen;
 
                buffer_put_int(&m, packet_get_protocol_flags());
 
                buffer_put_int(&m, packet_get_ssh1_cipher());
 
-               debug3("%s: Sending ssh1 IV", __FUNCTION__);
+               debug3("%s: Sending ssh1 KEY+IV", __func__);
+               keylen = packet_get_encryption_key(NULL);
+               key = xmalloc(keylen+1);        /* add 1 if keylen == 0 */
+               keylen = packet_get_encryption_key(key);
+               buffer_put_string(&m, key, keylen);
+               memset(key, 0, keylen);
+               xfree(key);
+
                ivlen = packet_get_keyiv_len(MODE_OUT);
                packet_get_keyiv(MODE_OUT, iv, ivlen);
                buffer_put_string(&m, iv, ivlen);
@@ -540,25 +561,31 @@ mm_send_keystate(struct monitor *pmonitor)
        }
 
        debug3("%s: Sending new keys: %p %p",
-           __FUNCTION__, newkeys[MODE_OUT], newkeys[MODE_IN]);
+           __func__, newkeys[MODE_OUT], newkeys[MODE_IN]);
 
        /* Keys from Kex */
        if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
-               fatal("%s: conversion of newkeys failed", __FUNCTION__);
+               fatal("%s: conversion of newkeys failed", __func__);
 
        buffer_put_string(&m, blob, bloblen);
        xfree(blob);
 
        if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
-               fatal("%s: conversion of newkeys failed", __FUNCTION__);
+               fatal("%s: conversion of newkeys failed", __func__);
 
        buffer_put_string(&m, blob, bloblen);
        xfree(blob);
 
-       buffer_put_int(&m, packet_get_seqnr(MODE_OUT));
-       buffer_put_int(&m, packet_get_seqnr(MODE_IN));
+       packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
+       buffer_put_int(&m, seqnr);
+       buffer_put_int64(&m, blocks);
+       buffer_put_int(&m, packets);
+       packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
+       buffer_put_int(&m, seqnr);
+       buffer_put_int64(&m, blocks);
+       buffer_put_int(&m, packets);
 
-       debug3("%s: New keys have been sent", __FUNCTION__);
+       debug3("%s: New keys have been sent", __func__);
  skip:
        /* More key context */
        plen = packet_get_keycontext(MODE_OUT, NULL);
@@ -574,7 +601,7 @@ mm_send_keystate(struct monitor *pmonitor)
        xfree(p);
 
        /* Compression state */
-       debug3("%s: Sending compression state", __FUNCTION__);
+       debug3("%s: Sending compression state", __func__);
        buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
        buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
 
@@ -583,7 +610,7 @@ mm_send_keystate(struct monitor *pmonitor)
        buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
 
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
-       debug3("%s: Finished sending state", __FUNCTION__);
+       debug3("%s: Finished sending state", __func__);
 
        buffer_free(&m);
 }
@@ -592,18 +619,18 @@ int
 mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 {
        Buffer m;
-       u_char *p;
+       char *p;
        int success = 0;
 
        buffer_init(&m);
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
 
-       debug3("%s: waiting for MONITOR_ANS_PTY", __FUNCTION__);
+       debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
 
        success = buffer_get_int(&m);
        if (success == 0) {
-               debug3("%s: pty alloc failed", __FUNCTION__);
+               debug3("%s: pty alloc failed", __func__);
                buffer_free(&m);
                return (0);
        }
@@ -647,7 +674,9 @@ mm_start_pam(char *user)
 {
        Buffer m;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
+       if (!options.use_pam)
+               fatal("UsePAM=no, but ended up in %s anyway", __func__);
 
        buffer_init(&m);
        buffer_put_cstring(&m, user);
@@ -656,6 +685,112 @@ mm_start_pam(char *user)
 
        buffer_free(&m);
 }
+
+u_int
+mm_do_pam_account(void)
+{
+       Buffer m;
+       u_int ret;
+
+       debug3("%s entering", __func__);
+       if (!options.use_pam)
+               fatal("UsePAM=no, but ended up in %s anyway", __func__);
+
+       buffer_init(&m);
+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
+
+       mm_request_receive_expect(pmonitor->m_recvfd, 
+           MONITOR_ANS_PAM_ACCOUNT, &m);
+       ret = buffer_get_int(&m);
+
+       buffer_free(&m);
+       
+       debug3("%s returning %d", __func__, ret);
+
+       return (ret);
+}
+
+void *
+mm_sshpam_init_ctx(Authctxt *authctxt)
+{
+       Buffer m;
+       int success;
+
+       debug3("%s", __func__);
+       buffer_init(&m);
+       buffer_put_cstring(&m, authctxt->user);
+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
+       debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
+       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
+       success = buffer_get_int(&m);
+       if (success == 0) {
+               debug3("%s: pam_init_ctx failed", __func__);
+               buffer_free(&m);
+               return (NULL);
+       }
+       buffer_free(&m);
+       return (authctxt);
+}
+
+int
+mm_sshpam_query(void *ctx, char **name, char **info,
+    u_int *num, char ***prompts, u_int **echo_on)
+{
+       Buffer m;
+       int i, ret;
+
+       debug3("%s", __func__);
+       buffer_init(&m);
+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
+       debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
+       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
+       ret = buffer_get_int(&m);
+       debug3("%s: pam_query returned %d", __func__, ret);
+       *name = buffer_get_string(&m, NULL);
+       *info = buffer_get_string(&m, NULL);
+       *num = buffer_get_int(&m);
+       *prompts = xmalloc((*num + 1) * sizeof(char *));
+       *echo_on = xmalloc((*num + 1) * sizeof(u_int));
+       for (i = 0; i < *num; ++i) {
+               (*prompts)[i] = buffer_get_string(&m, NULL);
+               (*echo_on)[i] = buffer_get_int(&m);
+       }
+       buffer_free(&m);
+       return (ret);
+}
+
+int
+mm_sshpam_respond(void *ctx, u_int num, char **resp)
+{
+       Buffer m;
+       int i, ret;
+
+       debug3("%s", __func__);
+       buffer_init(&m);
+       buffer_put_int(&m, num);
+       for (i = 0; i < num; ++i)
+               buffer_put_cstring(&m, resp[i]);
+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
+       debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
+       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
+       ret = buffer_get_int(&m);
+       debug3("%s: pam_respond returned %d", __func__, ret);
+       buffer_free(&m);
+       return (ret);
+}
+
+void
+mm_sshpam_free_ctx(void *ctxtp)
+{
+       Buffer m;
+
+       debug3("%s", __func__);
+       buffer_init(&m);
+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
+       debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
+       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
+       buffer_free(&m);
+}
 #endif /* USE_PAM */
 
 /* Request process termination */
@@ -694,10 +829,10 @@ static void
 mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
     char ***prompts, u_int **echo_on)
 {
-       *name       = xstrdup("");
-       *infotxt    = xstrdup("");
+       *name = xstrdup("");
+       *infotxt = xstrdup("");
        *numprompts = 1;
-       *prompts = xmalloc(*numprompts * sizeof(char*));
+       *prompts = xmalloc(*numprompts * sizeof(char *));
        *echo_on = xmalloc(*numprompts * sizeof(u_int));
        (*echo_on)[0] = 0;
 }
@@ -707,19 +842,19 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
 {
        Buffer m;
-       int res;
+       u_int success;
        char *challenge;
 
-       debug3("%s: entering", __FUNCTION__);
+       debug3("%s: entering", __func__);
 
        buffer_init(&m);
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
 
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
            &m);
-       res = buffer_get_int(&m);
-       if (res == -1) {
-               debug3("%s: no challenge", __FUNCTION__);
+       success = buffer_get_int(&m);
+       if (success == 0) {
+               debug3("%s: no challenge", __func__);
                buffer_free(&m);
                return (-1);
        }
@@ -731,7 +866,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
        mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
        (*prompts)[0] = challenge;
 
-       debug3("%s: received challenge: %s", __FUNCTION__, challenge);
+       debug3("%s: received challenge: %s", __func__, challenge);
 
        return (0);
 }
@@ -742,7 +877,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
        Buffer m;
        int authok;
 
-       debug3("%s: entering", __FUNCTION__);
+       debug3("%s: entering", __func__);
        if (numresponses != 1)
                return (-1);
 
@@ -764,19 +899,20 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
 {
        Buffer m;
-       int len, res;
+       int len;
+       u_int success;
        char *p, *challenge;
 
-       debug3("%s: entering", __FUNCTION__);
+       debug3("%s: entering", __func__);
 
        buffer_init(&m);
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
 
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
            &m);
-       res = buffer_get_int(&m);
-       if (res == -1) {
-               debug3("%s: no challenge", __FUNCTION__);
+       success = buffer_get_int(&m);
+       if (success == 0) {
+               debug3("%s: no challenge", __func__);
                buffer_free(&m);
                return (-1);
        }
@@ -785,7 +921,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
        challenge  = buffer_get_string(&m, NULL);
        buffer_free(&m);
 
-       debug3("%s: received challenge: %s", __FUNCTION__, challenge);
+       debug3("%s: received challenge: %s", __func__, challenge);
 
        mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
 
@@ -805,7 +941,7 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses)
        Buffer m;
        int authok;
 
-       debug3("%s: entering", __FUNCTION__);
+       debug3("%s: entering", __func__);
        if (numresponses != 1)
                return (-1);
 
@@ -828,7 +964,7 @@ mm_ssh1_session_id(u_char session_id[16])
        Buffer m;
        int i;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        buffer_init(&m);
        for (i = 0; i < 16; i++)
@@ -845,9 +981,9 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
        Key *key;
        u_char *blob;
        u_int blen;
-       int allowed = 0;
+       int allowed = 0, have_forced = 0;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        buffer_init(&m);
        buffer_put_bignum2(&m, client_n);
@@ -857,10 +993,15 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 
        allowed = buffer_get_int(&m);
 
+       /* fake forced command */
+       auth_clear_options();
+       have_forced = buffer_get_int(&m);
+       forced_command = have_forced ? xstrdup("true") : NULL;
+
        if (allowed && rkey != NULL) {
                blob = buffer_get_string(&m, &blen);
                if ((key = key_from_blob(blob, blen)) == NULL)
-                       fatal("%s: key_from_blob failed", __FUNCTION__);
+                       fatal("%s: key_from_blob failed", __func__);
                *rkey = key;
                xfree(blob);
        }
@@ -878,14 +1019,14 @@ mm_auth_rsa_generate_challenge(Key *key)
        u_char *blob;
        u_int blen;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        if ((challenge = BN_new()) == NULL)
-               fatal("%s: BN_new failed", __FUNCTION__);
+               fatal("%s: BN_new failed", __func__);
 
        key->type = KEY_RSA;    /* XXX cheat for key_to_blob */
        if (key_to_blob(key, &blob, &blen) == 0)
-               fatal("%s: key_to_blob failed", __FUNCTION__);
+               fatal("%s: key_to_blob failed", __func__);
        key->type = KEY_RSA1;
 
        buffer_init(&m);
@@ -909,11 +1050,11 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
        u_int blen;
        int success = 0;
 
-       debug3("%s entering", __FUNCTION__);
+       debug3("%s entering", __func__);
 
        key->type = KEY_RSA;    /* XXX cheat for key_to_blob */
        if (key_to_blob(key, &blob, &blen) == 0)
-               fatal("%s: key_to_blob failed", __FUNCTION__);
+               fatal("%s: key_to_blob failed", __func__);
        key->type = KEY_RSA1;
 
        buffer_init(&m);
@@ -929,3 +1070,70 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
 
        return (success);
 }
+
+#ifdef GSSAPI
+OM_uint32
+mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
+{
+       Buffer m;
+       OM_uint32 major;
+
+       /* Client doesn't get to see the context */
+       *ctx = NULL;
+
+       buffer_init(&m);
+       buffer_put_string(&m, oid->elements, oid->length);
+
+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
+       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
+
+       major = buffer_get_int(&m);
+
+       buffer_free(&m);
+       return (major);
+}
+
+OM_uint32
+mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
+    gss_buffer_desc *out, OM_uint32 *flags)
+{
+       Buffer m;
+       OM_uint32 major;
+       u_int len;
+
+       buffer_init(&m);
+       buffer_put_string(&m, in->value, in->length);
+
+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
+       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
+
+       major = buffer_get_int(&m);
+       out->value = buffer_get_string(&m, &len);
+       out->length = len;
+       if (flags)
+               *flags = buffer_get_int(&m);
+
+       buffer_free(&m);
+
+       return (major);
+}
+
+int
+mm_ssh_gssapi_userok(char *user)
+{
+       Buffer m;
+       int authenticated = 0;
+
+       buffer_init(&m);
+
+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
+       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
+                                 &m);
+
+       authenticated = buffer_get_int(&m);
+
+       buffer_free(&m);
+       debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
+       return (authenticated);
+}
+#endif /* GSSAPI */