merged OpenSSH 5.3p1 to trunk

[gssapi-openssh.git] / openssh / monitor.c

diff --git a/openssh/monitor.c b/openssh/monitor.c
index 38ee51befe35054d84e35976f6fd4e351f2bb6a0..5f3b801580246adfec7e1604450195e9b33c8632 100644 (file)
--- a/openssh/monitor.c
+++ b/openssh/monitor.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: monitor.c,v 1.104 2009/06/12 20:43:22 andreas Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -25,19 +26,48 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $");
 
-#include <openssl/dh.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include "openbsd-compat/sys-tree.h"
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#include <pwd.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
 
 #ifdef SKEY
 #include <skey.h>
 #endif
 
+#include <openssl/dh.h>
+
+#include "openbsd-compat/sys-queue.h"
+#include "xmalloc.h"
 #include "ssh.h"
+#include "key.h"
+#include "buffer.h"
+#include "hostfile.h"
 #include "auth.h"
+#include "cipher.h"
 #include "kex.h"
 #include "dh.h"
+#ifdef TARGET_OS_MAC   /* XXX Broken krb5 headers on Mac */
+#undef TARGET_OS_MAC
+#include "zlib.h"
+#define TARGET_OS_MAC 1
+#else
 #include "zlib.h"
+#endif
 #include "packet.h"
 #include "auth-options.h"
 #include "sshpty.h"
@@ -49,18 +79,18 @@ RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $");
 #include "servconf.h"
 #include "monitor.h"
 #include "monitor_mm.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
 #include "monitor_wrap.h"
 #include "monitor_fdpass.h"
-#include "xmalloc.h"
 #include "misc.h"
-#include "buffer.h"
-#include "bufaux.h"
 #include "compat.h"
 #include "ssh2.h"
-#include "mpaux.h"
+#include "jpake.h"
+#include "roaming.h"
 
 #ifdef GSSAPI
-#include "ssh-gss.h"
 static Gssctxt *gsscontext = NULL;
 #endif
 
@@ -71,9 +101,9 @@ extern Newkeys *current_keys[];
 extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
 extern u_char session_id[];
-extern Buffer input, output;
 extern Buffer auth_debug;
 extern int auth_debug_init;
+extern Buffer loginmsg;
 
 /* State exported from the child */
 
@@ -96,9 +126,11 @@ struct {
        u_int ilen;
        u_char *output;
        u_int olen;
+       u_int64_t sent_bytes;
+       u_int64_t recv_bytes;
 } child_state;
 
-/* Functions on the montior that answer unprivileged requests */
+/* Functions on the monitor that answer unprivileged requests */
 
 int mm_answer_moduli(int, Buffer *);
 int mm_answer_sign(int, Buffer *);
@@ -120,23 +152,36 @@ int mm_answer_rsa_challenge(int, Buffer *);
 int mm_answer_rsa_response(int, Buffer *);
 int mm_answer_sesskey(int, Buffer *);
 int mm_answer_sessid(int, Buffer *);
+int mm_answer_jpake_get_pwdata(int, Buffer *);
+int mm_answer_jpake_step1(int, Buffer *);
+int mm_answer_jpake_step2(int, Buffer *);
+int mm_answer_jpake_key_confirm(int, Buffer *);
+int mm_answer_jpake_check_confirm(int, Buffer *);
 
 #ifdef USE_PAM
 int mm_answer_pam_start(int, Buffer *);
+int mm_answer_pam_account(int, Buffer *);
+int mm_answer_pam_init_ctx(int, Buffer *);
+int mm_answer_pam_query(int, Buffer *);
+int mm_answer_pam_respond(int, Buffer *);
+int mm_answer_pam_free_ctx(int, Buffer *);
 #endif
 
 #ifdef GSSAPI
 int mm_answer_gss_setup_ctx(int, Buffer *);
 int mm_answer_gss_accept_ctx(int, Buffer *);
 int mm_answer_gss_userok(int, Buffer *);
-int mm_answer_gss_localname(int, Buffer *);
+int mm_answer_gss_checkmic(int, Buffer *);
 int mm_answer_gss_sign(int, Buffer *);
+int mm_answer_gss_error(int, Buffer *);
 int mm_answer_gss_indicate_mechs(int, Buffer *);
-int mm_answer_gss_display_status(int, Buffer *);
+int mm_answer_gss_localname(int, Buffer *);
+int mm_answer_gss_updatecreds(int, Buffer *);
 #endif
 
-#ifdef GSI
-int mm_answer_gsi_gridmap(int, Buffer *);
+#ifdef SSH_AUDIT_EVENTS
+int mm_answer_audit_event(int, Buffer *);
+int mm_answer_audit_command(int, Buffer *);
 #endif
 
 static Authctxt *authctxt;
@@ -146,11 +191,12 @@ static BIGNUM *ssh1_challenge = NULL;     /* used for ssh1 rsa auth */
 static u_char *key_blob = NULL;
 static u_int key_bloblen = 0;
 static int key_blobtype = MM_NOKEY;
-static u_char *hostbased_cuser = NULL;
-static u_char *hostbased_chost = NULL;
+static char *hostbased_cuser = NULL;
+static char *hostbased_chost = NULL;
 static char *auth_method = "unknown";
-static int session_id2_len = 0;
+static u_int session_id2_len = 0;
 static u_char *session_id2 = NULL;
+static pid_t monitor_child_pid;
 
 struct mon_table {
        enum monitor_reqtype type;
@@ -161,6 +207,7 @@ struct mon_table {
 #define MON_ISAUTH     0x0004  /* Required for Authentication */
 #define MON_AUTHDECIDE 0x0008  /* Decides Authentication */
 #define MON_ONCE       0x0010  /* Disable after calling */
+#define MON_ALOG       0x0020  /* Log auth attempt without authenticating */
 
 #define MON_AUTH       (MON_ISAUTH|MON_AUTHDECIDE)
 
@@ -175,26 +222,42 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
     {MONITOR_REQ_PAM_START, MON_ISAUTH, mm_answer_pam_start},
+    {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
+    {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
+    {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
+    {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
+    {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
+#endif
+#ifdef SSH_AUDIT_EVENTS
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
 #endif
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
-    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
+    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
 #endif
 #ifdef SKEY
     {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
     {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
 #endif
+    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
+    {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
 #ifdef GSSAPI
     {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
     {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
+    {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+    {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
     {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
+    {MONITOR_REQ_GSSERR, MON_ISAUTH | MON_ONCE, mm_answer_gss_error},
     {MONITOR_REQ_GSSMECHS, MON_ISAUTH, mm_answer_gss_indicate_mechs},
-    {MONITOR_REQ_GSSSTAT, MON_ISAUTH, mm_answer_gss_display_status},
-    {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
-    {MONITOR_REQ_GSSLOCALNAME, MON_AUTH, mm_answer_gss_localname},
+    {MONITOR_REQ_GSSLOCALNAME, MON_ISAUTH, mm_answer_gss_localname},
+#endif
+#ifdef JPAKE
+    {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
+    {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1},
+    {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2},
+    {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm},
+    {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm},
 #endif
-    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
-    {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
     {0, 0, NULL}
 };
 
@@ -203,14 +266,19 @@ struct mon_table mon_dispatch_postauth20[] = {
     {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
     {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
     {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
+    {MONITOR_REQ_GSSERR, 0, mm_answer_gss_error},
     {MONITOR_REQ_GSSMECHS, 0, mm_answer_gss_indicate_mechs},
-    {MONITOR_REQ_GSSSTAT, 0, mm_answer_gss_display_status},
+    {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds},
 #endif
     {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
     {MONITOR_REQ_SIGN, 0, mm_answer_sign},
     {MONITOR_REQ_PTY, 0, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
     {MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef SSH_AUDIT_EVENTS
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+    {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
+#endif
     {0, 0, NULL}
 };
 
@@ -219,13 +287,13 @@ struct mon_table mon_dispatch_proto15[] = {
     {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
     {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
-    {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed},
-    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
+    {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed},
+    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed},
     {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
     {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
-    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
+    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
 #endif
 #ifdef SKEY
     {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
@@ -237,28 +305,29 @@ struct mon_table mon_dispatch_proto15[] = {
     {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
     {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
     {MONITOR_REQ_GSSMECHS, MON_ISAUTH, mm_answer_gss_indicate_mechs},
-    {MONITOR_REQ_GSSSTAT, MON_ISAUTH, mm_answer_gss_display_status},
-#endif
-#ifdef GSI
-    {MONITOR_REQ_GSIGRIDMAP, MON_PERMIT, mm_answer_gsi_gridmap},
 #endif
 #ifdef USE_PAM
     {MONITOR_REQ_PAM_START, MON_ISAUTH, mm_answer_pam_start},
+    {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
+    {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
+    {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
+    {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
+    {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
+#endif
+#ifdef SSH_AUDIT_EVENTS
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
 #endif
     {0, 0, NULL}
 };
 
 struct mon_table mon_dispatch_postauth15[] = {
-#ifdef GSSAPI
-    {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
-    {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
-    {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
-    {MONITOR_REQ_GSSMECHS, 0, mm_answer_gss_indicate_mechs},
-    {MONITOR_REQ_GSSSTAT, 0, mm_answer_gss_display_status},
-#endif
     {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
     {MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef SSH_AUDIT_EVENTS
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+    {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
+#endif
     {0, 0, NULL}
 };
 
@@ -293,14 +362,19 @@ monitor_permit_authentications(int permit)
        }
 }
 
-Authctxt *
-monitor_child_preauth(struct monitor *pmonitor)
+void
+monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 {
        struct mon_table *ent;
        int authenticated = 0;
 
        debug3("preauth child monitor started");
 
+       authctxt = _authctxt;
+       memset(authctxt, 0, sizeof(*authctxt));
+
+       authctxt->loginmsg = &loginmsg;
+
        if (compat20) {
                mon_dispatch = mon_dispatch_proto20;
 
@@ -310,30 +384,19 @@ monitor_child_preauth(struct monitor *pmonitor)
 #ifdef GSSAPI          
                /* and for the GSSAPI key exchange */
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
-               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
-               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSERR, 1);
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS, 1);
-               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTAT, 1);
 #endif
        } else {
                mon_dispatch = mon_dispatch_proto15;
 
                monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
-#ifdef GSSAPI          
-               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
-               monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS, 1);
-               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTAT, 1);
-#endif
-#ifdef GSI
-               monitor_permit(mon_dispatch, MONITOR_REQ_GSIGRIDMAP, 1);
-#endif
        }
 
-       authctxt = authctxt_new();
-
        /* The first few requests do not require asynchronous access */
        while (!authenticated) {
-               authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+               auth_method = "unknown";
+               authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
                if (authenticated) {
                        if (!(ent->flags & MON_AUTHDECIDE))
                                fatal("%s: unexpected authentication from %d",
@@ -342,33 +405,67 @@ monitor_child_preauth(struct monitor *pmonitor)
                            !auth_root_allowed(auth_method))
                                authenticated = 0;
 #ifdef USE_PAM
-                       if (!do_pam_account(authctxt->pw->pw_name, NULL))
-                               authenticated = 0;
+                       /* PAM needs to perform account checks after auth */
+                       if (options.use_pam && authenticated) {
+                               Buffer m;
+
+                               buffer_init(&m);
+                               mm_request_receive_expect(pmonitor->m_sendfd,
+                                   MONITOR_REQ_PAM_ACCOUNT, &m);
+                               authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
+                               buffer_free(&m);
+                       }
 #endif
                }
 
-               if (ent->flags & MON_AUTHDECIDE) {
+               if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
                        auth_log(authctxt, authenticated, auth_method,
                            compat20 ? " ssh2" : "");
                        if (!authenticated)
                                authctxt->failures++;
                }
+#ifdef JPAKE
+               /* Cleanup JPAKE context after authentication */
+               if (ent->flags & MON_AUTHDECIDE) {
+                       if (authctxt->jpake_ctx != NULL) {
+                               jpake_free(authctxt->jpake_ctx);
+                               authctxt->jpake_ctx = NULL;
+                       }
+               }
+#endif
        }
 
        if (!authctxt->valid)
                fatal("%s: authenticated invalid user", __func__);
+       if (strcmp(auth_method, "unknown") == 0)
+               fatal("%s: authentication method name unknown", __func__);
 
        debug("%s: %s has been authenticated by privileged process",
            __func__, authctxt->user);
 
        mm_get_keystate(pmonitor);
+}
+
+static void
+monitor_set_child_handler(pid_t pid)
+{
+       monitor_child_pid = pid;
+}
 
-       return (authctxt);
+static void
+monitor_child_handler(int sig)
+{
+       kill(monitor_child_pid, sig);
 }
 
 void
 monitor_child_postauth(struct monitor *pmonitor)
 {
+       monitor_set_child_handler(pmonitor->m_pid);
+       signal(SIGHUP, &monitor_child_handler);
+       signal(SIGTERM, &monitor_child_handler);
+       signal(SIGINT, &monitor_child_handler);
+
        if (compat20) {
                mon_dispatch = mon_dispatch_postauth20;
 
@@ -377,12 +474,19 @@ monitor_child_postauth(struct monitor *pmonitor)
                monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
                monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
 
+#ifdef GSSAPI
+               /* and for the GSSAPI key exchange */
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS,1);
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP,1);
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSERR,1);
+#endif
+
        } else {
                mon_dispatch = mon_dispatch_postauth15;
                monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
        }
 #ifdef GSSAPI          
-       monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTAT, 1);
+       monitor_permit(mon_dispatch, MONITOR_REQ_GSSERR, 1);
 #endif
        if (!no_pty_flag) {
                monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
@@ -478,7 +582,7 @@ monitor_reset_key_state(void)
 }
 
 int
-mm_answer_moduli(int socket, Buffer *m)
+mm_answer_moduli(int sock, Buffer *m)
 {
        DH *dh;
        int min, want, max;
@@ -508,12 +612,12 @@ mm_answer_moduli(int socket, Buffer *m)
 
                DH_free(dh);
        }
-       mm_request_send(socket, MONITOR_ANS_MODULI, m);
+       mm_request_send(sock, MONITOR_ANS_MODULI, m);
        return (0);
 }
 
 int
-mm_answer_sign(int socket, Buffer *m)
+mm_answer_sign(int sock, Buffer *m)
 {
        Key *key;
        u_char *p;
@@ -526,8 +630,12 @@ mm_answer_sign(int socket, Buffer *m)
        keyid = buffer_get_int(m);
        p = buffer_get_string(m, &datlen);
 
-       if (datlen != 20)
-               fatal("%s: data length incorrect: %d", __func__, datlen);
+       /*
+        * Supported KEX types will only return SHA1 (20 byte) or
+        * SHA256 (32 byte) hashes
+        */
+       if (datlen != 20 && datlen != 32)
+               fatal("%s: data length incorrect: %u", __func__, datlen);
 
        /* save session id, it will be passed on the first call */
        if (session_id2_len == 0) {
@@ -541,7 +649,7 @@ mm_answer_sign(int socket, Buffer *m)
        if (key_sign(key, &signature, &siglen, p, datlen) < 0)
                fatal("%s: key_sign failed", __func__);
 
-       debug3("%s: signature %p(%d)", __func__, signature, siglen);
+       debug3("%s: signature %p(%u)", __func__, signature, siglen);
 
        buffer_clear(m);
        buffer_put_string(m, signature, siglen);
@@ -549,7 +657,7 @@ mm_answer_sign(int socket, Buffer *m)
        xfree(p);
        xfree(signature);
 
-       mm_request_send(socket, MONITOR_ANS_SIGN, m);
+       mm_request_send(sock, MONITOR_ANS_SIGN, m);
 
        /* Turn on permissions for getpwnam */
        monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
@@ -560,27 +668,33 @@ mm_answer_sign(int socket, Buffer *m)
 /* Retrieves the password entry and also checks if the user is permitted */
 
 int
-mm_answer_pwnamallow(int socket, Buffer *m)
+mm_answer_pwnamallow(int sock, Buffer *m)
 {
-       char *login;
+       char *username;
        struct passwd *pwent;
        int allowed = 0;
 
        debug3("%s", __func__);
 
-       login = buffer_get_string(m, NULL);
+       username = buffer_get_string(m, NULL);
 
-       pwent = getpwnamallow(login);
+       pwent = getpwnamallow(username);
 
        if (authctxt->user) xfree(authctxt->user);
-       authctxt->user = xstrdup(login);
-       setproctitle("%s [priv]", pwent ? login : "unknown");
-       xfree(login);
+       authctxt->user = xstrdup(username);
+#ifdef USE_PAM
+    if (options.permit_pam_user_change)
+        setproctitle("%s [priv]", pwent ? "[pam]" : "unknown");
+    else
+#endif
+       setproctitle("%s [priv]", pwent ? username : "unknown");
+       xfree(username);
 
        buffer_clear(m);
 
        if (pwent == NULL) {
                buffer_put_char(m, 0);
+               authctxt->pw = fakepw();
                goto out;
        }
 
@@ -600,8 +714,11 @@ mm_answer_pwnamallow(int socket, Buffer *m)
        buffer_put_cstring(m, pwent->pw_shell);
 
  out:
+       buffer_put_string(m, &options, sizeof(options));
+       if (options.banner != NULL)
+               buffer_put_cstring(m, options.banner);
        debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
-       mm_request_send(socket, MONITOR_ANS_PWNAM, m);
+       mm_request_send(sock, MONITOR_ANS_PWNAM, m);
 
        /* For SSHv1 allow authentication now */
        if (!compat20)
@@ -613,29 +730,30 @@ mm_answer_pwnamallow(int socket, Buffer *m)
        }
 
 #ifdef USE_PAM
-       monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
+       if (options.use_pam)
+               monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
 #endif
 
        return (0);
 }
 
-int mm_answer_auth2_read_banner(int socket, Buffer *m)
+int mm_answer_auth2_read_banner(int sock, Buffer *m)
 {
        char *banner;
 
        buffer_clear(m);
        banner = auth2_read_banner();
        buffer_put_cstring(m, banner != NULL ? banner : "");
-       mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m);
+       mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
 
        if (banner != NULL)
-               free(banner);
+               xfree(banner);
 
        return (0);
 }
 
 int
-mm_answer_authserv(int socket, Buffer *m)
+mm_answer_authserv(int sock, Buffer *m)
 {
        monitor_permit_authentications(1);
 
@@ -653,16 +771,17 @@ mm_answer_authserv(int socket, Buffer *m)
 }
 
 int
-mm_answer_authpassword(int socket, Buffer *m)
+mm_answer_authpassword(int sock, Buffer *m)
 {
        static int call_count;
        char *passwd;
-       int authenticated, plen;
+       int authenticated;
+       u_int plen;
 
        passwd = buffer_get_string(m, &plen);
        /* Only authenticate if the context is valid */
        authenticated = options.password_authentication &&
-           authctxt->valid && auth_password(authctxt, passwd);
+           auth_password(authctxt, passwd);
        memset(passwd, 0, strlen(passwd));
        xfree(passwd);
 
@@ -670,7 +789,7 @@ mm_answer_authpassword(int socket, Buffer *m)
        buffer_put_int(m, authenticated);
 
        debug3("%s: sending result %d", __func__, authenticated);
-       mm_request_send(socket, MONITOR_ANS_AUTHPASSWORD, m);
+       mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
 
        call_count++;
        if (plen == 0 && call_count == 1)
@@ -684,26 +803,26 @@ mm_answer_authpassword(int socket, Buffer *m)
 
 #ifdef BSD_AUTH
 int
-mm_answer_bsdauthquery(int socket, Buffer *m)
+mm_answer_bsdauthquery(int sock, Buffer *m)
 {
        char *name, *infotxt;
        u_int numprompts;
        u_int *echo_on;
        char **prompts;
-       int res;
+       u_int success;
 
-       res = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
-           &prompts, &echo_on);
+       success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
+           &prompts, &echo_on) < 0 ? 0 : 1;
 
        buffer_clear(m);
-       buffer_put_int(m, res);
-       if (res != -1)
+       buffer_put_int(m, success);
+       if (success)
                buffer_put_cstring(m, prompts[0]);
 
-       debug3("%s: sending challenge res: %d", __func__, res);
-       mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m);
+       debug3("%s: sending challenge success: %u", __func__, success);
+       mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
 
-       if (res != -1) {
+       if (success) {
                xfree(name);
                xfree(infotxt);
                xfree(prompts);
@@ -714,7 +833,7 @@ mm_answer_bsdauthquery(int socket, Buffer *m)
 }
 
 int
-mm_answer_bsdauthrespond(int socket, Buffer *m)
+mm_answer_bsdauthrespond(int sock, Buffer *m)
 {
        char *response;
        int authok;
@@ -733,7 +852,7 @@ mm_answer_bsdauthrespond(int socket, Buffer *m)
        buffer_put_int(m, authok);
 
        debug3("%s: sending authenticated: %d", __func__, authok);
-       mm_request_send(socket, MONITOR_ANS_BSDAUTHRESPOND, m);
+       mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
 
        auth_method = "bsdauth";
 
@@ -743,27 +862,28 @@ mm_answer_bsdauthrespond(int socket, Buffer *m)
 
 #ifdef SKEY
 int
-mm_answer_skeyquery(int socket, Buffer *m)
+mm_answer_skeyquery(int sock, Buffer *m)
 {
        struct skey skey;
        char challenge[1024];
-       int res;
+       u_int success;
 
-       res = skeychallenge(&skey, authctxt->user, challenge);
+       success = _compat_skeychallenge(&skey, authctxt->user, challenge,
+           sizeof(challenge)) < 0 ? 0 : 1;
 
        buffer_clear(m);
-       buffer_put_int(m, res);
-       if (res != -1)
+       buffer_put_int(m, success);
+       if (success)
                buffer_put_cstring(m, challenge);
 
-       debug3("%s: sending challenge res: %d", __func__, res);
-       mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m);
+       debug3("%s: sending challenge success: %u", __func__, success);
+       mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m);
 
        return (0);
 }
 
 int
-mm_answer_skeyrespond(int socket, Buffer *m)
+mm_answer_skeyrespond(int sock, Buffer *m)
 {
        char *response;
        int authok;
@@ -781,7 +901,7 @@ mm_answer_skeyrespond(int socket, Buffer *m)
        buffer_put_int(m, authok);
 
        debug3("%s: sending authenticated: %d", __func__, authok);
-       mm_request_send(socket, MONITOR_ANS_SKEYRESPOND, m);
+       mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m);
 
        auth_method = "skey";
 
@@ -791,18 +911,134 @@ mm_answer_skeyrespond(int socket, Buffer *m)
 
 #ifdef USE_PAM
 int
-mm_answer_pam_start(int socket, Buffer *m)
+mm_answer_pam_start(int sock, Buffer *m)
 {
-       char *user;
-       
-       user = buffer_get_string(m, NULL);
+       if (!options.use_pam)
+               fatal("UsePAM not set, but ended up in %s anyway", __func__);
+
+       start_pam(authctxt);
+
+       monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
+
+       return (0);
+}
+
+int
+mm_answer_pam_account(int sock, Buffer *m)
+{
+       u_int ret;
+
+       if (!options.use_pam)
+               fatal("UsePAM not set, but ended up in %s anyway", __func__);
+
+       ret = do_pam_account();
+
+       buffer_put_int(m, ret);
+       buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
+
+       mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
+
+       return (ret);
+}
 
-       start_pam(user);
+static void *sshpam_ctxt, *sshpam_authok;
+extern KbdintDevice sshpam_device;
 
-       xfree(user);
+int
+mm_answer_pam_init_ctx(int sock, Buffer *m)
+{
+
+       debug3("%s", __func__);
+       authctxt->user = buffer_get_string(m, NULL);
+       sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
+       sshpam_authok = NULL;
+       buffer_clear(m);
+       if (sshpam_ctxt != NULL) {
+               monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1);
+               buffer_put_int(m, 1);
+       } else {
+               buffer_put_int(m, 0);
+       }
+       mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m);
+       return (0);
+}
+
+int
+mm_answer_pam_query(int sock, Buffer *m)
+{
+       char *name, *info, **prompts;
+       u_int i, num, *echo_on;
+       int ret;
 
+       debug3("%s", __func__);
+       sshpam_authok = NULL;
+       ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on);
+       if (ret == 0 && num == 0)
+               sshpam_authok = sshpam_ctxt;
+       if (num > 1 || name == NULL || info == NULL)
+               ret = -1;
+       buffer_clear(m);
+       buffer_put_int(m, ret);
+       buffer_put_cstring(m, name);
+       xfree(name);
+       buffer_put_cstring(m, info);
+       xfree(info);
+       buffer_put_int(m, num);
+       for (i = 0; i < num; ++i) {
+               buffer_put_cstring(m, prompts[i]);
+               xfree(prompts[i]);
+               buffer_put_int(m, echo_on[i]);
+       }
+       if (prompts != NULL)
+               xfree(prompts);
+       if (echo_on != NULL)
+               xfree(echo_on);
+       auth_method = "keyboard-interactive/pam";
+       mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
        return (0);
 }
+
+int
+mm_answer_pam_respond(int sock, Buffer *m)
+{
+       char **resp;
+       u_int i, num;
+       int ret;
+
+       debug3("%s", __func__);
+       sshpam_authok = NULL;
+       num = buffer_get_int(m);
+       if (num > 0) {
+               resp = xcalloc(num, sizeof(char *));
+               for (i = 0; i < num; ++i)
+                       resp[i] = buffer_get_string(m, NULL);
+               ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
+               for (i = 0; i < num; ++i)
+                       xfree(resp[i]);
+               xfree(resp);
+       } else {
+               ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);
+       }
+       buffer_clear(m);
+       buffer_put_int(m, ret);
+       mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);
+       auth_method = "keyboard-interactive/pam";
+       if (ret == 0)
+               sshpam_authok = sshpam_ctxt;
+       return (0);
+}
+
+int
+mm_answer_pam_free_ctx(int sock, Buffer *m)
+{
+
+       debug3("%s", __func__);
+       (sshpam_device.free_ctx)(sshpam_ctxt);
+       buffer_clear(m);
+       mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
+       auth_method = "keyboard-interactive/pam";
+       return (sshpam_authok == sshpam_ctxt);
+}
 #endif
 
 static void
@@ -817,10 +1053,11 @@ mm_append_debug(Buffer *m)
 }
 
 int
-mm_answer_keyallowed(int socket, Buffer *m)
+mm_answer_keyallowed(int sock, Buffer *m)
 {
        Key *key;
-       u_char *cuser, *chost, *blob;
+       char *cuser, *chost;
+       u_char *blob;
        u_int bloblen;
        enum mm_keytype type = 0;
        int allowed = 0;
@@ -840,29 +1077,37 @@ mm_answer_keyallowed(int socket, Buffer *m)
 
        debug3("%s: key_from_blob: %p", __func__, key);
 
-       if (key != NULL && authctxt->pw != NULL) {
-               switch(type) {
+       if (key != NULL && authctxt->valid) {
+               switch (type) {
                case MM_USERKEY:
                        allowed = options.pubkey_authentication &&
                            user_key_allowed(authctxt->pw, key);
+                       auth_method = "publickey";
+                       if (options.pubkey_authentication && allowed != 1)
+                               auth_clear_options();
                        break;
                case MM_HOSTKEY:
                        allowed = options.hostbased_authentication &&
                            hostbased_key_allowed(authctxt->pw,
                            cuser, chost, key);
+                       auth_method = "hostbased";
                        break;
                case MM_RSAHOSTKEY:
                        key->type = KEY_RSA1; /* XXX */
                        allowed = options.rhosts_rsa_authentication &&
                            auth_rhosts_rsa_key_allowed(authctxt->pw,
                            cuser, chost, key);
+                       if (options.rhosts_rsa_authentication && allowed != 1)
+                               auth_clear_options();
+                       auth_method = "rsa";
                        break;
                default:
                        fatal("%s: unknown key type %d", __func__, type);
                        break;
                }
-               key_free(key);
        }
+       if (key != NULL)
+               key_free(key);
 
        /* clear temporarily storage (used by verify) */
        monitor_reset_key_state();
@@ -874,17 +1119,24 @@ mm_answer_keyallowed(int socket, Buffer *m)
                key_blobtype = type;
                hostbased_cuser = cuser;
                hostbased_chost = chost;
+       } else {
+               /* Log failed attempt */
+               auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : "");
+               xfree(blob);
+               xfree(cuser);
+               xfree(chost);
        }
 
        debug3("%s: key %p is %s",
-           __func__, key, allowed ? "allowed" : "disallowed");
+           __func__, key, allowed ? "allowed" : "not allowed");
 
        buffer_clear(m);
        buffer_put_int(m, allowed);
+       buffer_put_int(m, forced_command != NULL);
 
        mm_append_debug(m);
 
-       mm_request_send(socket, MONITOR_ANS_KEYALLOWED, m);
+       mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
 
        if (type == MM_RSAHOSTKEY)
                monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
@@ -896,7 +1148,7 @@ static int
 monitor_valid_userblob(u_char *data, u_int datalen)
 {
        Buffer b;
-       u_char *p;
+       char *p;
        u_int len;
        int fail = 0;
 
@@ -923,7 +1175,7 @@ monitor_valid_userblob(u_char *data, u_int datalen)
                fail++;
        p = buffer_get_string(&b, NULL);
        if (strcmp(authctxt->user, p) != 0) {
-               log("wrong user name passed to monitor: expected %s != %.100s",
+               logit("wrong user name passed to monitor: expected %s != %.100s",
                    authctxt->user, p);
                fail++;
        }
@@ -949,11 +1201,11 @@ monitor_valid_userblob(u_char *data, u_int datalen)
 }
 
 static int
-monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser,
-    u_char *chost)
+monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
+    char *chost)
 {
        Buffer b;
-       u_char *p;
+       char *p;
        u_int len;
        int fail = 0;
 
@@ -971,7 +1223,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser,
                fail++;
        p = buffer_get_string(&b, NULL);
        if (strcmp(authctxt->user, p) != 0) {
-               log("wrong user name passed to monitor: expected %s != %.100s",
+               logit("wrong user name passed to monitor: expected %s != %.100s",
                    authctxt->user, p);
                fail++;
        }
@@ -1005,7 +1257,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser,
 }
 
 int
-mm_answer_keyverify(int socket, Buffer *m)
+mm_answer_keyverify(int sock, Buffer *m)
 {
        Key *key;
        u_char *signature, *data, *blob;
@@ -1042,7 +1294,7 @@ mm_answer_keyverify(int socket, Buffer *m)
 
        verified = key_verify(key, signature, signaturelen, data, datalen);
        debug3("%s: key %p signature %s",
-           __func__, key, verified ? "verified" : "unverified");
+           __func__, key, (verified == 1) ? "verified" : "unverified");
 
        key_free(key);
        xfree(blob);
@@ -1055,9 +1307,9 @@ mm_answer_keyverify(int socket, Buffer *m)
 
        buffer_clear(m);
        buffer_put_int(m, verified);
-       mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
+       mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
-       return (verified);
+       return (verified == 1);
 }
 
 static void
@@ -1071,34 +1323,33 @@ mm_record_login(Session *s, struct passwd *pw)
         * the address be 0.0.0.0.
         */
        memset(&from, 0, sizeof(from));
+       fromlen = sizeof(from);
        if (packet_connection_is_on_socket()) {
-               fromlen = sizeof(from);
                if (getpeername(packet_get_connection_in(),
-                       (struct sockaddr *) & from, &fromlen) < 0) {
+                   (struct sockaddr *)&from, &fromlen) < 0) {
                        debug("getpeername: %.100s", strerror(errno));
-                       fatal_cleanup();
+                       cleanup_exit(255);
                }
        }
        /* Record that there was a login on that tty from the remote host. */
        record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
-           get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
-           (struct sockaddr *)&from);
+           get_remote_name_or_ip(utmp_len, options.use_dns),
+           (struct sockaddr *)&from, fromlen);
 }
 
 static void
 mm_session_close(Session *s)
 {
-       debug3("%s: session %d pid %d", __func__, s->self, s->pid);
+       debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
        if (s->ttyfd != -1) {
-               debug3("%s: tty %s ptyfd %d",  __func__, s->tty, s->ptyfd);
-               fatal_remove_cleanup(session_pty_cleanup2, (void *)s);
+               debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
                session_pty_cleanup2(s);
        }
-       s->used = 0;
+       session_unused(s->self);
 }
 
 int
-mm_answer_pty(int socket, Buffer *m)
+mm_answer_pty(int sock, Buffer *m)
 {
        extern struct monitor *pmonitor;
        Session *s;
@@ -1116,15 +1367,10 @@ mm_answer_pty(int socket, Buffer *m)
        res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
        if (res == 0)
                goto error;
-       fatal_add_cleanup(session_pty_cleanup2, (void *)s);
        pty_setowner(authctxt->pw, s->tty);
 
        buffer_put_int(m, 1);
        buffer_put_cstring(m, s->tty);
-       mm_request_send(socket, MONITOR_ANS_PTY, m);
-
-       mm_send_fd(socket, s->ptyfd);
-       mm_send_fd(socket, s->ttyfd);
 
        /* We need to trick ttyslot */
        if (dup2(s->ttyfd, 0) == -1)
@@ -1135,6 +1381,16 @@ mm_answer_pty(int socket, Buffer *m)
        /* Now we can close the file descriptor again */
        close(0);
 
+       /* send messages generated by record_login */
+       buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
+       buffer_clear(&loginmsg);
+
+       mm_request_send(sock, MONITOR_ANS_PTY, m);
+
+       if (mm_send_fd(sock, s->ptyfd) == -1 ||
+           mm_send_fd(sock, s->ttyfd) == -1)
+               fatal("%s: send fds failed", __func__);
+
        /* make sure nothing uses fd 0 */
        if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
                fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
@@ -1147,7 +1403,7 @@ mm_answer_pty(int socket, Buffer *m)
        /* no need to dup() because nobody closes ptyfd */
        s->ptymaster = s->ptyfd;
 
-       debug3("%s: tty %s ptyfd %d",  __func__, s->tty, s->ttyfd);
+       debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);
 
        return (0);
 
@@ -1155,12 +1411,12 @@ mm_answer_pty(int socket, Buffer *m)
        if (s != NULL)
                mm_session_close(s);
        buffer_put_int(m, 0);
-       mm_request_send(socket, MONITOR_ANS_PTY, m);
+       mm_request_send(sock, MONITOR_ANS_PTY, m);
        return (0);
 }
 
 int
-mm_answer_pty_cleanup(int socket, Buffer *m)
+mm_answer_pty_cleanup(int sock, Buffer *m)
 {
        Session *s;
        char *tty;
@@ -1176,13 +1432,13 @@ mm_answer_pty_cleanup(int socket, Buffer *m)
 }
 
 int
-mm_answer_sesskey(int socket, Buffer *m)
+mm_answer_sesskey(int sock, Buffer *m)
 {
        BIGNUM *p;
        int rsafail;
 
        /* Turn off permissions */
-       monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
+       monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0);
 
        if ((p = BN_new()) == NULL)
                fatal("%s: BN_new", __func__);
@@ -1197,7 +1453,7 @@ mm_answer_sesskey(int socket, Buffer *m)
 
        BN_clear_free(p);
 
-       mm_request_send(socket, MONITOR_ANS_SESSKEY, m);
+       mm_request_send(sock, MONITOR_ANS_SESSKEY, m);
 
        /* Turn on permissions for sessid passing */
        monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1);
@@ -1206,7 +1462,7 @@ mm_answer_sesskey(int socket, Buffer *m)
 }
 
 int
-mm_answer_sessid(int socket, Buffer *m)
+mm_answer_sessid(int sock, Buffer *m)
 {
        int i;
 
@@ -1224,7 +1480,7 @@ mm_answer_sessid(int socket, Buffer *m)
 }
 
 int
-mm_answer_rsa_keyallowed(int socket, Buffer *m)
+mm_answer_rsa_keyallowed(int sock, Buffer *m)
 {
        BIGNUM *client_n;
        Key *key = NULL;
@@ -1234,6 +1490,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
 
        debug3("%s entering", __func__);
 
+       auth_method = "rsa";
        if (options.rsa_authentication && authctxt->valid) {
                if ((client_n = BN_new()) == NULL)
                        fatal("%s: BN_new", __func__);
@@ -1243,6 +1500,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
        }
        buffer_clear(m);
        buffer_put_int(m, allowed);
+       buffer_put_int(m, forced_command != NULL);
 
        /* clear temporarily storage (used by generate challenge) */
        monitor_reset_key_state();
@@ -1257,12 +1515,13 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
                key_blob = blob;
                key_bloblen = blen;
                key_blobtype = MM_RSAUSERKEY;
-               key_free(key);
        }
+       if (key != NULL)
+               key_free(key);
 
        mm_append_debug(m);
 
-       mm_request_send(socket, MONITOR_ANS_RSAKEYALLOWED, m);
+       mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m);
 
        monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
        monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0);
@@ -1270,7 +1529,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
 }
 
 int
-mm_answer_rsa_challenge(int socket, Buffer *m)
+mm_answer_rsa_challenge(int sock, Buffer *m)
 {
        Key *key = NULL;
        u_char *blob;
@@ -1287,7 +1546,9 @@ mm_answer_rsa_challenge(int socket, Buffer *m)
                fatal("%s: key type mismatch", __func__);
        if ((key = key_from_blob(blob, blen)) == NULL)
                fatal("%s: received bad key", __func__);
-
+       if (key->type != KEY_RSA)
+               fatal("%s: received bad key type %d", __func__, key->type);
+       key->type = KEY_RSA1;
        if (ssh1_challenge)
                BN_clear_free(ssh1_challenge);
        ssh1_challenge = auth_rsa_generate_challenge(key);
@@ -1296,14 +1557,17 @@ mm_answer_rsa_challenge(int socket, Buffer *m)
        buffer_put_bignum2(m, ssh1_challenge);
 
        debug3("%s sending reply", __func__);
-       mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m);
+       mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m);
 
        monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
+
+       xfree(blob);
+       key_free(key);
        return (0);
 }
 
 int
-mm_answer_rsa_response(int socket, Buffer *m)
+mm_answer_rsa_response(int sock, Buffer *m)
 {
        Key *key = NULL;
        u_char *blob, *response;
@@ -1329,6 +1593,7 @@ mm_answer_rsa_response(int socket, Buffer *m)
                fatal("%s: received bad response to challenge", __func__);
        success = auth_rsa_verify_response(key, ssh1_challenge, response);
 
+       xfree(blob);
        key_free(key);
        xfree(response);
 
@@ -1341,13 +1606,13 @@ mm_answer_rsa_response(int socket, Buffer *m)
 
        buffer_clear(m);
        buffer_put_int(m, success);
-       mm_request_send(socket, MONITOR_ANS_RSARESPONSE, m);
+       mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m);
 
        return (success);
 }
 
 int
-mm_answer_term(int socket, Buffer *req)
+mm_answer_term(int sock, Buffer *req)
 {
        extern struct monitor *pmonitor;
        int res, status;
@@ -1357,6 +1622,11 @@ mm_answer_term(int socket, Buffer *req)
        /* The child is terminating */
        session_destroy_all(&mm_session_close);
 
+#ifdef USE_PAM
+       if (options.use_pam)
+               sshpam_cleanup();
+#endif
+
        while (waitpid(pmonitor->m_pid, &status, 0) == -1)
                if (errno != EINTR)
                        exit(1);
@@ -1364,9 +1634,51 @@ mm_answer_term(int socket, Buffer *req)
        res = WIFEXITED(status) ? WEXITSTATUS(status) : 1;
 
        /* Terminate process */
-       exit (res);
+       exit(res);
 }
 
+#ifdef SSH_AUDIT_EVENTS
+/* Report that an audit event occurred */
+int
+mm_answer_audit_event(int socket, Buffer *m)
+{
+       ssh_audit_event_t event;
+
+       debug3("%s entering", __func__);
+
+       event = buffer_get_int(m);
+       switch(event) {
+       case SSH_AUTH_FAIL_PUBKEY:
+       case SSH_AUTH_FAIL_HOSTBASED:
+       case SSH_AUTH_FAIL_GSSAPI:
+       case SSH_LOGIN_EXCEED_MAXTRIES:
+       case SSH_LOGIN_ROOT_DENIED:
+       case SSH_CONNECTION_CLOSE:
+       case SSH_INVALID_USER:
+               audit_event(event);
+               break;
+       default:
+               fatal("Audit event type %d not permitted", event);
+       }
+
+       return (0);
+}
+
+int
+mm_answer_audit_command(int socket, Buffer *m)
+{
+       u_int len;
+       char *cmd;
+
+       debug3("%s entering", __func__);
+       cmd = buffer_get_string(m, &len);
+       /* sanity check command, if so how? */
+       audit_run_command(cmd);
+       xfree(cmd);
+       return (0);
+}
+#endif /* SSH_AUDIT_EVENTS */
+
 void
 monitor_apply_keystate(struct monitor *pmonitor)
 {
@@ -1404,15 +1716,20 @@ monitor_apply_keystate(struct monitor *pmonitor)
 
        /* Network I/O buffers */
        /* XXX inefficient for large buffers, need: buffer_init_from_string */
-       buffer_clear(&input);
-       buffer_append(&input, child_state.input, child_state.ilen);
+       buffer_clear(packet_get_input());
+       buffer_append(packet_get_input(), child_state.input, child_state.ilen);
        memset(child_state.input, 0, child_state.ilen);
        xfree(child_state.input);
 
-       buffer_clear(&output);
-       buffer_append(&output, child_state.output, child_state.olen);
+       buffer_clear(packet_get_output());
+       buffer_append(packet_get_output(), child_state.output,
+                     child_state.olen);
        memset(child_state.output, 0, child_state.olen);
        xfree(child_state.output);
+
+       /* Roaming */
+       if (compat20)
+               roam_set_bytes(child_state.sent_bytes, child_state.recv_bytes);
 }
 
 static Kex *
@@ -1422,14 +1739,24 @@ mm_get_kex(Buffer *m)
        void *blob;
        u_int bloblen;
 
-       kex = xmalloc(sizeof(*kex));
-       memset(kex, 0, sizeof(*kex));
+       kex = xcalloc(1, sizeof(*kex));
        kex->session_id = buffer_get_string(m, &kex->session_id_len);
        if ((session_id2 == NULL) ||
            (kex->session_id_len != session_id2_len) ||
            (memcmp(kex->session_id, session_id2, session_id2_len) != 0))
                fatal("mm_get_get: internal error: bad session id");
        kex->we_need = buffer_get_int(m);
+       kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+       kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
+       kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+       kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+#ifdef GSSAPI
+       if (options.gss_keyex) {
+               kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+               kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
+               kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+       }
+#endif
        kex->server = 1;
        kex->hostkey_type = buffer_get_int(m);
        kex->kex_type = buffer_get_int(m);
@@ -1459,6 +1786,8 @@ mm_get_keystate(struct monitor *pmonitor)
        Buffer m;
        u_char *blob, *p;
        u_int bloblen, plen;
+       u_int32_t seqnr, packets;
+       u_int64_t blocks, bytes;
 
        debug3("%s: Waiting for new keys", __func__);
 
@@ -1488,8 +1817,16 @@ mm_get_keystate(struct monitor *pmonitor)
        xfree(blob);
 
        /* Now get sequence numbers for the packets */
-       packet_set_seqnr(MODE_OUT, buffer_get_int(&m));
-       packet_set_seqnr(MODE_IN, buffer_get_int(&m));
+       seqnr = buffer_get_int(&m);
+       blocks = buffer_get_int64(&m);
+       packets = buffer_get_int(&m);
+       bytes = buffer_get_int64(&m);
+       packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes);
+       seqnr = buffer_get_int(&m);
+       blocks = buffer_get_int64(&m);
+       packets = buffer_get_int(&m);
+       bytes = buffer_get_int64(&m);
+       packet_set_state(MODE_IN, seqnr, blocks, packets, bytes);
 
  skip:
        /* Get the key context */
@@ -1515,6 +1852,12 @@ mm_get_keystate(struct monitor *pmonitor)
        child_state.input = buffer_get_string(&m, &child_state.ilen);
        child_state.output = buffer_get_string(&m, &child_state.olen);
 
+       /* Roaming */
+       if (compat20) {
+               child_state.sent_bytes = buffer_get_int64(&m);
+               child_state.recv_bytes = buffer_get_int64(&m);
+       }
+
        buffer_free(&m);
 }
 
@@ -1523,10 +1866,10 @@ mm_get_keystate(struct monitor *pmonitor)
 void *
 mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
 {
-       int len = size * ncount;
+       size_t len = (size_t) size * ncount;
        void *address;
 
-       if (len <= 0)
+       if (len == 0 || ncount > SIZE_T_MAX / size)
                fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
 
        address = mm_malloc(mm, len);
@@ -1581,7 +1924,7 @@ monitor_init(void)
        struct monitor *mon;
        int pair[2];
 
-       mon = xmalloc(sizeof(*mon));
+       mon = xcalloc(1, sizeof(*mon));
 
        monitor_socketpair(pair);
 
@@ -1612,65 +1955,166 @@ monitor_reinit(struct monitor *mon)
 }
 
 #ifdef GSSAPI
+int
+mm_answer_gss_setup_ctx(int sock, Buffer *m)
+{
+       gss_OID_desc goid;
+       OM_uint32 major;
+       u_int len;
+
+       if (!options.gss_authentication && !options.gss_keyex)
+               fatal("In GSSAPI monitor when GSSAPI is disabled");
+
+       goid.elements = buffer_get_string(m, &len);
+       goid.length = len;
+
+       major = ssh_gssapi_server_ctx(&gsscontext, &goid);
+
+       xfree(goid.elements);
+
+       buffer_clear(m);
+       buffer_put_int(m, major);
+
+       mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
+
+       /* Now we have a context, enable the step */
+       monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
+
+       return (0);
+}
 
 int
-mm_answer_gss_setup_ctx(int socket, Buffer *m) {
-        gss_OID_desc oid;
-        OM_uint32 major;
-       int len;
+mm_answer_gss_accept_ctx(int sock, Buffer *m)
+{
+       gss_buffer_desc in;
+       gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
+       OM_uint32 major, minor;
+       OM_uint32 flags = 0; /* GSI needs this */
+       u_int len;
 
-        oid.elements=buffer_get_string(m,&len);
-       oid.length=len;
-                
-        major=ssh_gssapi_server_ctx(&gsscontext,&oid);
+       if (!options.gss_authentication && !options.gss_keyex)
+               fatal("In GSSAPI monitor when GSSAPI is disabled");
 
-        xfree(oid.elements);
+       in.value = buffer_get_string(m, &len);
+       in.length = len;
+       major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
+       xfree(in.value);
 
-        buffer_clear(m);
-        buffer_put_int(m,major);
+       buffer_clear(m);
+       buffer_put_int(m, major);
+       buffer_put_string(m, out.value, out.length);
+       buffer_put_int(m, flags);
+       mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
 
-        mm_request_send(socket,MONITOR_ANS_GSSSETUP,m);
+       gss_release_buffer(&minor, &out);
 
-        return(0);
+       if (major == GSS_S_COMPLETE) {
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+       }
+       return (0);
 }
 
 int
-mm_answer_gss_accept_ctx(int socket, Buffer *m) {
-        gss_buffer_desc in,out;
-        OM_uint32 major,minor;
-        OM_uint32 flags = 0; /* GSI needs this */
+mm_answer_gss_checkmic(int sock, Buffer *m)
+{
+       gss_buffer_desc gssbuf, mic;
+       OM_uint32 ret;
+       u_int len;
 
-        in.value = buffer_get_string(m,&in.length);
-        major=ssh_gssapi_accept_ctx(gsscontext,&in,&out,&flags);
-        xfree(in.value);
+       if (!options.gss_authentication && !options.gss_keyex)
+               fatal("In GSSAPI monitor when GSSAPI is disabled");
 
-        buffer_clear(m);
-        buffer_put_int(m, major);
-        buffer_put_string(m, out.value, out.length);
-        buffer_put_int(m, flags);
-        mm_request_send(socket,MONITOR_ANS_GSSSTEP,m);
+       gssbuf.value = buffer_get_string(m, &len);
+       gssbuf.length = len;
+       mic.value = buffer_get_string(m, &len);
+       mic.length = len;
 
-        gss_release_buffer(&minor, &out);
+       ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
 
-        return(0);
+       xfree(gssbuf.value);
+       xfree(mic.value);
+
+       buffer_clear(m);
+       buffer_put_int(m, ret);
+
+       mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
+
+       if (!GSS_ERROR(ret))
+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+
+       return (0);
 }
+
 int
-mm_answer_gss_userok(int socket, Buffer *m) {
+mm_answer_gss_userok(int sock, Buffer *m)
+{
        int authenticated;
 
-        authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
+       if (!options.gss_authentication && !options.gss_keyex)
+               fatal("In GSSAPI monitor when GSSAPI is disabled");
 
-        buffer_clear(m);
-        buffer_put_int(m, authenticated);
+       authenticated = authctxt->valid && 
+           ssh_gssapi_userok(authctxt->user, authctxt->pw);
+
+       buffer_clear(m);
+       buffer_put_int(m, authenticated);
+
+       debug3("%s: sending result %d", __func__, authenticated);
+       mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
 
-        debug3("%s: sending result %d", __func__, authenticated);
-        mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m);
+       auth_method = "gssapi-with-mic";
 
-       auth_method="gssapi";
+       /* Monitor loop will terminate if authenticated */
+       return (authenticated);
+}
+
+int
+mm_answer_gss_error(int socket, Buffer *m) {
+        OM_uint32 major,minor;
+        char *msg;
+
+       msg=ssh_gssapi_last_error(gsscontext,&major,&minor);
+       buffer_clear(m);
+       buffer_put_int(m,major);
+       buffer_put_int(m,minor);
+       buffer_put_cstring(m,msg);
+
+       mm_request_send(socket,MONITOR_ANS_GSSERR,m);
+
+       xfree(msg);
        
-        /* Monitor loop will terminate if authenticated */
-        return(authenticated);
+        return(0);
 }
+
+int
+mm_answer_gss_indicate_mechs(int socket, Buffer *m) {
+        OM_uint32 major,minor;
+       gss_OID_set mech_set;
+       size_t i;
+
+       major=gss_indicate_mechs(&minor, &mech_set);
+
+       buffer_clear(m);
+       buffer_put_int(m, major);
+       buffer_put_int(m, mech_set->count);
+       for (i=0; i < mech_set->count; i++) {
+           buffer_put_string(m, mech_set->elements[i].elements,
+                             mech_set->elements[i].length);
+       }
+
+#if !defined(MECHGLUE) /* mechglue memory management bug ??? */
+       gss_release_oid_set(&minor,&mech_set);
+#endif
+       
+       mm_request_send(socket,MONITOR_ANS_GSSMECHS,m);
+
+       return(0);
+}
+
 int
 mm_answer_gss_localname(int socket, Buffer *m) {
        char *name;
@@ -1692,125 +2136,274 @@ mm_answer_gss_localname(int socket, Buffer *m) {
         return(0);
 }
 
-int
-mm_answer_gss_sign(int socket, Buffer *m) {
-        gss_buffer_desc data,hash;
-        OM_uint32 major,minor;
+int 
+mm_answer_gss_sign(int socket, Buffer *m)
+{
+       gss_buffer_desc data;
+       gss_buffer_desc hash = GSS_C_EMPTY_BUFFER;
+       OM_uint32 major, minor;
+       u_int len;
 
-        data.value = buffer_get_string(m,&data.length);
-        if (data.length != 16) {  /* HACK - i.e. we are using SSHv1 */
-        if (data.length != 20)
-                fatal("%s: data length incorrect: %d", __func__, data.length);
+       if (!options.gss_authentication && !options.gss_keyex)
+               fatal("In GSSAPI monitor when GSSAPI is disabled");
 
-        /* Save the session ID - only first time round */
-        if (session_id2_len == 0) {
-                session_id2_len=data.length;
-                session_id2 = xmalloc(session_id2_len);
-                memcpy(session_id2, data.value, session_id2_len);
-        }
-        } /* HACK - end */
-        major=ssh_gssapi_sign(gsscontext, &data, &hash);
+       data.value = buffer_get_string(m, &len);
+       data.length = len;
+       if (data.length != 20) 
+               fatal("%s: data length incorrect: %d", __func__, 
+                   (int) data.length);
 
-        xfree(data.value);
+       /* Save the session ID on the first time around */
+       if (session_id2_len == 0) {
+               session_id2_len = data.length;
+               session_id2 = xmalloc(session_id2_len);
+               memcpy(session_id2, data.value, session_id2_len);
+       }
+       major = ssh_gssapi_sign(gsscontext, &data, &hash);
 
-        buffer_clear(m);
-        buffer_put_int(m, major);
-        buffer_put_string(m, hash.value, hash.length);
+       xfree(data.value);
 
-        mm_request_send(socket,MONITOR_ANS_GSSSIGN,m);
+       buffer_clear(m);
+       buffer_put_int(m, major);
+       buffer_put_string(m, hash.value, hash.length);
 
-        gss_release_buffer(&minor,&hash);
+       mm_request_send(socket, MONITOR_ANS_GSSSIGN, m);
 
-       /* Turn on permissions for getpwnam */
+       gss_release_buffer(&minor, &hash);
+
+       /* Turn on getpwnam permissions */
        monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
        
-        return(0);
+       /* And credential updating, for when rekeying */
+       monitor_permit(mon_dispatch, MONITOR_REQ_GSSUPCREDS, 1);
+
+       return (0);
 }
 
 int
-mm_answer_gss_indicate_mechs(int socket, Buffer *m) {
-        OM_uint32 major,minor;
-       gss_OID_set mech_set;
-       int i;
+mm_answer_gss_updatecreds(int socket, Buffer *m) {
+       ssh_gssapi_ccache store;
+       int ok;
 
-       major=gss_indicate_mechs(&minor, &mech_set);
+       store.filename = buffer_get_string(m, NULL);
+       store.envvar   = buffer_get_string(m, NULL);
+       store.envval   = buffer_get_string(m, NULL);
+
+       ok = ssh_gssapi_update_creds(&store);
+
+       xfree(store.filename);
+       xfree(store.envvar);
+       xfree(store.envval);
 
        buffer_clear(m);
-       buffer_put_int(m, major);
-       buffer_put_int(m, mech_set->count);
-       for (i=0; i < mech_set->count; i++) {
-           buffer_put_string(m, mech_set->elements[i].elements,
-                             mech_set->elements[i].length);
-       }
+       buffer_put_int(m, ok);
 
-       mm_request_send(socket,MONITOR_ANS_GSSMECHS,m);
+       mm_request_send(socket, MONITOR_ANS_GSSUPCREDS, m);
 
        return(0);
 }
 
+#endif /* GSSAPI */
+
+#ifdef JPAKE
 int
-mm_answer_gss_display_status(int socket, Buffer *m) {
-        OM_uint32 major,minor,status_value,message_context;
-       int status_type;
-       gss_OID_desc mech_type_desc;
-       gss_OID mech_type;
-       gss_buffer_desc status_string;
-       u_int length;
-
-       status_value = buffer_get_int(m);
-       status_type = buffer_get_int(m);
-       mech_type_desc.elements = buffer_get_string(m, &length);
-       mech_type_desc.length = length;
-       if (length != 0) {
-           mech_type = &mech_type_desc;
-       } else if (gsscontext) {
-           mech_type = gsscontext->oid;
-       } else {
-           mech_type = GSS_C_NO_OID;
-       }
-       message_context = buffer_get_int(m);
+mm_answer_jpake_step1(int sock, Buffer *m)
+{
+       struct jpake_ctx *pctx;
+       u_char *x3_proof, *x4_proof;
+       u_int x3_proof_len, x4_proof_len;
+
+       if (!options.zero_knowledge_password_authentication)
+               fatal("zero_knowledge_password_authentication disabled");
 
-       major=gss_display_status(&minor, status_value, status_type, mech_type,
-                                &message_context, &status_string);
+       if (authctxt->jpake_ctx != NULL)
+               fatal("%s: authctxt->jpake_ctx already set (%p)",
+                   __func__, authctxt->jpake_ctx);
+       authctxt->jpake_ctx = pctx = jpake_new();
+
+       jpake_step1(pctx->grp,
+           &pctx->server_id, &pctx->server_id_len,
+           &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
+           &x3_proof, &x3_proof_len,
+           &x4_proof, &x4_proof_len);
+
+       JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__));
 
        buffer_clear(m);
-       buffer_put_int(m, message_context);
-       buffer_put_string(m, status_string.value, status_string.length);
 
-       mm_request_send(socket,MONITOR_ANS_GSSSTAT,m);
+       buffer_put_string(m, pctx->server_id, pctx->server_id_len);
+       buffer_put_bignum2(m, pctx->g_x3);
+       buffer_put_bignum2(m, pctx->g_x4);
+       buffer_put_string(m, x3_proof, x3_proof_len);
+       buffer_put_string(m, x4_proof, x4_proof_len);
 
-       if (mech_type_desc.elements) {
-           xfree(mech_type_desc.elements);
-       }
+       debug3("%s: sending step1", __func__);
+       mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m);
+
+       bzero(x3_proof, x3_proof_len);
+       bzero(x4_proof, x4_proof_len);
+       xfree(x3_proof);
+       xfree(x4_proof);
+
+       monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
+       monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
 
        return 0;
 }
 
-#endif /* GSSAPI */
+int
+mm_answer_jpake_get_pwdata(int sock, Buffer *m)
+{
+       struct jpake_ctx *pctx = authctxt->jpake_ctx;
+       char *hash_scheme, *salt;
 
-#ifdef GSI
+       if (pctx == NULL)
+               fatal("%s: pctx == NULL", __func__);
+
+       auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt);
+
+       buffer_clear(m);
+       /* pctx->s is sensitive, not returned to slave */
+       buffer_put_cstring(m, hash_scheme);
+       buffer_put_cstring(m, salt);
+
+       debug3("%s: sending pwdata", __func__);
+       mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m);
+
+       bzero(hash_scheme, strlen(hash_scheme));
+       bzero(salt, strlen(salt));
+       xfree(hash_scheme);
+       xfree(salt);
+
+       monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
+
+       return 0;
+}
 
 int
-mm_answer_gsi_gridmap(int socket, Buffer *m) {
-    char *subject, *name;
+mm_answer_jpake_step2(int sock, Buffer *m)
+{
+       struct jpake_ctx *pctx = authctxt->jpake_ctx;
+       u_char *x1_proof, *x2_proof, *x4_s_proof;
+       u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
 
-    subject = buffer_get_string(m, NULL);
-    
-    gsi_gridmap(subject, &name);
+       if (pctx == NULL)
+               fatal("%s: pctx == NULL", __func__);
 
-    buffer_clear(m);
-    if (name) {
-       buffer_put_cstring(m, name);
-       debug3("%s: sending result %s", __func__, name);
-       xfree(name);
-    } else {
-       buffer_put_cstring(m, "");
-       debug3("%s: sending result \"\"", __func__);
-    }
+       if ((pctx->g_x1 = BN_new()) == NULL ||
+           (pctx->g_x2 = BN_new()) == NULL)
+               fatal("%s: BN_new", __func__);
+       buffer_get_bignum2(m, pctx->g_x1);
+       buffer_get_bignum2(m, pctx->g_x2);
+       pctx->client_id = buffer_get_string(m, &pctx->client_id_len);
+       x1_proof = buffer_get_string(m, &x1_proof_len);
+       x2_proof = buffer_get_string(m, &x2_proof_len);
+
+       jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
+           pctx->g_x1, pctx->g_x2, pctx->x4,
+           pctx->client_id, pctx->client_id_len,
+           pctx->server_id, pctx->server_id_len,
+           x1_proof, x1_proof_len,
+           x2_proof, x2_proof_len,
+           &pctx->b,
+           &x4_s_proof, &x4_s_proof_len);
+
+       JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__));
+
+       bzero(x1_proof, x1_proof_len);
+       bzero(x2_proof, x2_proof_len);
+       xfree(x1_proof);
+       xfree(x2_proof);
+
+       buffer_clear(m);
+
+       buffer_put_bignum2(m, pctx->b);
+       buffer_put_string(m, x4_s_proof, x4_s_proof_len);
+
+       debug3("%s: sending step2", __func__);
+       mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
+
+       bzero(x4_s_proof, x4_s_proof_len);
+       xfree(x4_s_proof);
+
+       monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
+
+       return 0;
+}
+
+int
+mm_answer_jpake_key_confirm(int sock, Buffer *m)
+{
+       struct jpake_ctx *pctx = authctxt->jpake_ctx;
+       u_char *x2_s_proof;
+       u_int x2_s_proof_len;
+
+       if (pctx == NULL)
+               fatal("%s: pctx == NULL", __func__);
+
+       if ((pctx->a = BN_new()) == NULL)
+               fatal("%s: BN_new", __func__);
+       buffer_get_bignum2(m, pctx->a);
+       x2_s_proof = buffer_get_string(m, &x2_s_proof_len);
+
+       jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
+           pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
+           pctx->server_id, pctx->server_id_len,
+           pctx->client_id, pctx->client_id_len,
+           session_id2, session_id2_len,
+           x2_s_proof, x2_s_proof_len,
+           &pctx->k,
+           &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len);
+
+       JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__));
+
+       bzero(x2_s_proof, x2_s_proof_len);
+       buffer_clear(m);
+
+       /* pctx->k is sensitive, not sent */
+       buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
+
+       debug3("%s: sending confirmation hash", __func__);
+       mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m);
+
+       monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1);
+
+       return 0;
+}
+
+int
+mm_answer_jpake_check_confirm(int sock, Buffer *m)
+{
+       int authenticated = 0;
+       u_char *peer_confirm_hash;
+       u_int peer_confirm_hash_len;
+       struct jpake_ctx *pctx = authctxt->jpake_ctx;
+
+       if (pctx == NULL)
+               fatal("%s: pctx == NULL", __func__);
+
+       peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len);
+
+       authenticated = jpake_check_confirm(pctx->k,
+           pctx->client_id, pctx->client_id_len,
+           session_id2, session_id2_len,
+           peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid;
+
+       JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
+
+       bzero(peer_confirm_hash, peer_confirm_hash_len);
+       xfree(peer_confirm_hash);
+
+       buffer_clear(m);
+       buffer_put_int(m, authenticated);
+
+       debug3("%s: sending result %d", __func__, authenticated);
+       mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m);
 
-    mm_request_send(socket, MONITOR_ANS_GSIGRIDMAP, m);
+       monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1);
 
-    return(0);
+       auth_method = "jpake-01@openssh.com";
+       return authenticated;
 }
 
-#endif /* GSI */
+#endif /* JPAKE */