*/
#include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.11 2002/06/19 18:01:00 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dh.h>
#include "dh.h"
#include "kex.h"
#include "auth.h"
+#include "auth-options.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
void
mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
{
- u_char buf[5];
u_int mlen = buffer_len(m);
+ u_char buf[5];
debug3("%s entering: type %d", __func__, type);
mm_request_receive(int socket, Buffer *m)
{
u_char buf[4];
- ssize_t res;
u_int msg_len;
+ ssize_t res;
debug3("%s entering", __func__);
return (pw);
}
-char* mm_auth2_read_banner(void)
+char *mm_auth2_read_banner(void)
{
Buffer m;
char *banner;
Buffer m;
u_char *blob;
u_int len;
- int allowed = 0;
+ int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
allowed = buffer_get_int(&m);
+ /* fake forced command */
+ auth_clear_options();
+ have_forced = buffer_get_int(&m);
+ forced_command = have_forced ? xstrdup("true") : NULL;
+
/* Send potential debug messages */
mm_send_debug(&m);
enc->key = buffer_get_string(&b, &enc->key_len);
enc->iv = buffer_get_string(&b, &len);
if (len != enc->block_size)
- fatal("%s: bad ivlen: expected %d != %d", __func__,
+ fatal("%s: bad ivlen: expected %u != %u", __func__,
enc->block_size, len);
if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
mac->enabled = buffer_get_int(&b);
mac->key = buffer_get_string(&b, &len);
if (len > mac->key_len)
- fatal("%s: bad mac key length: %d > %d", __func__, len,
+ fatal("%s: bad mac key length: %u > %d", __func__, len,
mac->key_len);
mac->key_len = len;
len = buffer_len(&b);
if (len != 0)
- error("newkeys_from_blob: remaining bytes in blob %d", len);
+ error("newkeys_from_blob: remaining bytes in blob %u", len);
buffer_free(&b);
return (newkey);
}
{
Buffer b;
int len;
- u_char *buf;
Enc *enc;
Mac *mac;
Comp *comp;
buffer_put_cstring(&b, comp->name);
len = buffer_len(&b);
- buf = xmalloc(len);
- memcpy(buf, buffer_ptr(&b), len);
- memset(buffer_ptr(&b), 0, len);
- buffer_free(&b);
if (lenp != NULL)
*lenp = len;
- if (blobp != NULL)
- *blobp = buf;
+ if (blobp != NULL) {
+ *blobp = xmalloc(len);
+ memcpy(*blobp, buffer_ptr(&b), len);
+ }
+ memset(buffer_ptr(&b), 0, len);
+ buffer_free(&b);
return len;
}
mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
{
Buffer m;
- u_char *p;
+ char *p;
int success = 0;
buffer_init(&m);
*name = xstrdup("");
*infotxt = xstrdup("");
*numprompts = 1;
- *prompts = xmalloc(*numprompts * sizeof(char*));
+ *prompts = xmalloc(*numprompts * sizeof(char *));
*echo_on = xmalloc(*numprompts * sizeof(u_int));
(*echo_on)[0] = 0;
}
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
- int res;
+ u_int success;
char *challenge;
debug3("%s: entering", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
&m);
- res = buffer_get_int(&m);
- if (res == -1) {
+ success = buffer_get_int(&m);
+ if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
- int len, res;
+ int len;
+ u_int success;
char *p, *challenge;
debug3("%s: entering", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
&m);
- res = buffer_get_int(&m);
- if (res == -1) {
+ success = buffer_get_int(&m);
+ if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
Key *key;
u_char *blob;
u_int blen;
- int allowed = 0;
+ int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
allowed = buffer_get_int(&m);
+ /* fake forced command */
+ auth_clear_options();
+ have_forced = buffer_get_int(&m);
+ forced_command = have_forced ? xstrdup("true") : NULL;
+
if (allowed && rkey != NULL) {
blob = buffer_get_string(&m, &blen);
if ((key = key_from_blob(blob, blen)) == NULL)
return (success);
}
+
+#ifdef KRB4
+int
+mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
+{
+ KTEXT auth, reply;
+ Buffer m;
+ u_int rlen;
+ int success = 0;
+ char *p;
+
+ debug3("%s entering", __func__);
+ auth = _auth;
+ reply = _reply;
+
+ buffer_init(&m);
+ buffer_put_string(&m, auth->dat, auth->length);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m);
+
+ success = buffer_get_int(&m);
+ if (success) {
+ *client = buffer_get_string(&m, NULL);
+ p = buffer_get_string(&m, &rlen);
+ if (rlen >= MAX_KTXT_LEN)
+ fatal("%s: reply from monitor too large", __func__);
+ reply->length = rlen;
+ memcpy(reply->dat, p, rlen);
+ memset(p, 0, rlen);
+ xfree(p);
+ }
+ buffer_free(&m);
+ return (success);
+}
+#endif
+
+#ifdef KRB5
+int
+mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp)
+{
+ krb5_data *tkt, *reply;
+ Buffer m;
+ int success;
+
+ debug3("%s entering", __func__);
+ tkt = (krb5_data *) argp;
+ reply = (krb5_data *) resp;
+
+ buffer_init(&m);
+ buffer_put_string(&m, tkt->data, tkt->length);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m);
+
+ success = buffer_get_int(&m);
+ if (success) {
+ u_int len;
+
+ *userp = buffer_get_string(&m, NULL);
+ reply->data = buffer_get_string(&m, &len);
+ reply->length = len;
+ } else {
+ memset(reply, 0, sizeof(*reply));
+ *userp = NULL;
+ }
+
+ buffer_free(&m);
+ return (success);
+}
+#endif
#ifdef GSSAPI
OM_uint32
mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
buffer_put_string(&m,oid->elements,oid->length);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSSETUP",__func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
+
major=buffer_get_int(&m);
+ buffer_free(&m);
return(major);
}
OM_uint32
mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
gss_buffer_desc *out, OM_uint32 *flags) {
-
+
Buffer m;
OM_uint32 major;
buffer_init(&m);
buffer_put_string(&m, in->value, in->length);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
- debug3("%s: waiting for MONITOR_ANS_GSSSTEP", __func__);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
major=buffer_get_int(&m);
out->value=buffer_get_string(&m,&out->length);
if (flags) *flags=buffer_get_int(&m);
+ buffer_free(&m);
+
return(major);
}
int authenticated = 0;
buffer_init(&m);
+
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSUSEROK", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
&m);
return(authenticated);
}
-int
-mm_ssh_gssapi_localname(char **lname)
-{
- Buffer m;
-
- buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSLOCALNAME, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSLOCALNAME", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSLOCALNAME,
- &m);
-
- *lname = buffer_get_string(&m, NULL);
-
- buffer_free(&m);
- if (lname[0] == '\0') {
- debug3("%s: gssapi identity mapping failed", __func__);
- } else {
- debug3("%s: gssapi identity mapped to %s", __func__, *lname);
- }
-
- return(0);
-}
-
OM_uint32
mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) {
Buffer m;
buffer_put_string(&m, data->value, data->length);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSSIGN",__func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m);
+
major=buffer_get_int(&m);
hash->value = buffer_get_string(&m, &hash->length);
+ buffer_free(&m);
+
return(major);
}
+char *
+mm_ssh_gssapi_last_error(Gssctxt *ctx, OM_uint32 *major, OM_uint32 *minor) {
+ Buffer m;
+ OM_uint32 maj,min;
+ char *errstr;
+
+ buffer_init(&m);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSERR, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSERR, &m);
+
+ maj = buffer_get_int(&m);
+ min = buffer_get_int(&m);
+
+ if (major) *major=maj;
+ if (minor) *minor=min;
+
+ errstr=buffer_get_string(&m,NULL);
+
+ buffer_free(&m);
+
+ return(errstr);
+}
+
OM_uint32
mm_gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set)
{
Buffer m;
- OM_uint32 major;
- int i=0;
+ OM_uint32 major,minor;
+ int count;
+ gss_OID_desc oid;
+ u_int length;
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSMECHS, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSMECHS",__func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSMECHS,
&m);
major=buffer_get_int(&m);
- *mech_set = xmalloc(sizeof(gss_OID_set_desc));
- (*mech_set)->count=buffer_get_int(&m);
- (*mech_set)->elements=xmalloc(sizeof(gss_OID_desc)*(*mech_set)->count);
- for (i=0; i < (*mech_set)->count; i++) {
- u_int length;
- (*mech_set)->elements[i].elements=buffer_get_string(&m, &length);
- (*mech_set)->elements[i].length = length;
+ count=buffer_get_int(&m);
+
+ gss_create_empty_oid_set(&minor,mech_set);
+ while(count-->0) {
+ oid.elements=buffer_get_string(&m,&length);
+ oid.length=length;
+ gss_add_oid_set_member(&minor,&oid,mech_set);
}
+ buffer_free(&m);
+
return(major);
}
-OM_uint32
-mm_gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value,
- int status_type, const gss_OID mech_type,
- OM_uint32 *message_context, gss_buffer_t status_string)
+int
+mm_ssh_gssapi_localname(char **lname)
{
Buffer m;
- OM_uint32 major;
buffer_init(&m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSLOCALNAME, &m);
- buffer_put_int(&m, status_value);
- buffer_put_int(&m, status_type);
- if (mech_type) {
- buffer_put_string(&m, mech_type->elements, mech_type->length);
- } else {
- buffer_put_string(&m, "", 0);
- }
- if (message_context) {
- buffer_put_int(&m, *message_context);
- } else {
- buffer_put_int(&m, 0);
- }
+ debug3("%s: waiting for MONITOR_ANS_GSSLOCALNAME", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSLOCALNAME,
+ &m);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTAT, &m);
+ *lname = buffer_get_string(&m, NULL);
- debug3("%s: waiting for MONITOR_ANS_GSSMECHS",__func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTAT,
- &m);
-
- if (message_context) {
- *message_context = buffer_get_int(&m);
+ buffer_free(&m);
+ if (lname[0] == '\0') {
+ debug3("%s: gssapi identity mapping failed", __func__);
} else {
- buffer_get_int(&m);
+ debug3("%s: gssapi identity mapped to %s", __func__, *lname);
}
- status_string->value = buffer_get_string(&m, &status_string->length);
-
- return major;
-}
+
+ return(0);
+}
#endif /* GSSAPI */
#ifdef GSI
buffer_put_cstring(&m, subject_name);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSIGRIDMAP, &m);
- debug3("%s: waiting for MONITOR_ANS_GSIGRIDMAP", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSIGRIDMAP,
&m);
andersk / gssapi-openssh.git / blobdiff