The man2html from jbasney on pkilab2 works whereas the standard one doesn't.
[gssapi-openssh.git] / openssh / monitor.c
index e0434d5bcf506f732da2fb2212953acdd1a8464d..1528127fde1b7327af88471167cf69d8bdc4ab17 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.101 2009/02/12 03:26:22 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.104 2009/06/12 20:43:22 andreas Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -88,6 +88,7 @@
 #include "compat.h"
 #include "ssh2.h"
 #include "jpake.h"
+#include "roaming.h"
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -100,7 +101,6 @@ extern Newkeys *current_keys[];
 extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
 extern u_char session_id[];
-extern Buffer input, output;
 extern Buffer auth_debug;
 extern int auth_debug_init;
 extern Buffer loginmsg;
@@ -126,6 +126,8 @@ struct {
        u_int ilen;
        u_char *output;
        u_int olen;
+       u_int64_t sent_bytes;
+       u_int64_t recv_bytes;
 } child_state;
 
 /* Functions on the monitor that answer unprivileged requests */
@@ -680,6 +682,11 @@ mm_answer_pwnamallow(int sock, Buffer *m)
 
        if (authctxt->user) xfree(authctxt->user);
        authctxt->user = xstrdup(username);
+#ifdef USE_PAM
+    if (options.permit_pam_user_change)
+        setproctitle("%s [priv]", pwent ? "[pam]" : "unknown");
+    else
+#endif
        setproctitle("%s [priv]", pwent ? username : "unknown");
        xfree(username);
 
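Review bot: The `else` left dangling before `#endif` in the added USE_PAM block binds to the unchanged `setproctitle()` call below it, so the pairing only holds while that call stays a single statement directly after the `#endif`. Choosing the string first and calling `setproctitle()` once avoids the split: `const char *who = pwent ? username : "unknown";`, then under `#ifdef USE_PAM` `if (options.permit_pam_user_change && pwent) who = "[pam]";`, then `setproctitle("%s [priv]", who);`. The added lines also appear to be indented with four spaces where the surrounding code uses a different indent. The enclosing mm_answer_pwnamallow body starts and ends outside this hunk.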
@@ -1709,15 +1716,20 @@ monitor_apply_keystate(struct monitor *pmonitor)
 
        /* Network I/O buffers */
        /* XXX inefficient for large buffers, need: buffer_init_from_string */
-       buffer_clear(&input);
-       buffer_append(&input, child_state.input, child_state.ilen);
+       buffer_clear(packet_get_input());
+       buffer_append(packet_get_input(), child_state.input, child_state.ilen);
        memset(child_state.input, 0, child_state.ilen);
        xfree(child_state.input);
 
-       buffer_clear(&output);
-       buffer_append(&output, child_state.output, child_state.olen);
+       buffer_clear(packet_get_output());
+       buffer_append(packet_get_output(), child_state.output,
+                     child_state.olen);
        memset(child_state.output, 0, child_state.olen);
        xfree(child_state.output);
+
+       /* Roaming */
+       if (compat20)
+               roam_set_bytes(child_state.sent_bytes, child_state.recv_bytes);
 }
 
 static Kex *
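Review bot: The `/* Roaming */` comment above `roam_set_bytes()` does not say that `child_state.sent_bytes` and `child_state.recv_bytes` are values the monitor received from the child (they are read in the mm_get_keystate hunk) and are applied here as-is. Whether `roam_set_bytes()` bounds or sanity-checks them is not visible on this page, so the comment should record the trust assumption, for example `/* Roaming: byte counters as reported by the child, not validated here */`. It would also help to note that the fields keep their previous contents when `compat20` is false, since they are only assigned under that condition. The start of monitor_apply_keystate is outside this hunk.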
@@ -1840,6 +1852,12 @@ mm_get_keystate(struct monitor *pmonitor)
        child_state.input = buffer_get_string(&m, &child_state.ilen);
        child_state.output = buffer_get_string(&m, &child_state.olen);
 
+       /* Roaming */
+       if (compat20) {
+               child_state.sent_bytes = buffer_get_int64(&m);
+               child_state.recv_bytes = buffer_get_int64(&m);
+       }
+
        buffer_free(&m);
 }
 
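Review bot: The two `buffer_get_int64(&m)` calls are made only when `compat20` is set, so the layout of the keystate message now depends on a global that the sending side must evaluate identically; the sender is not part of this diff. A comment at the `if (compat20)` naming the matching send routine would keep the two ends in step, e.g. `/* Roaming: must mirror the compat20 branch in the keystate sender */`. Because `buffer_free(&m)` follows immediately with no check for unread bytes, a sender that appended the counters while this side skipped them would go unnoticed. The start of mm_get_keystate is outside this hunk.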
@@ -2035,12 +2053,15 @@ int
 mm_answer_gss_userok(int sock, Buffer *m)
 {
        int authenticated;
+       int gssapi_keyex;
 
        if (!options.gss_authentication && !options.gss_keyex)
                fatal("In GSSAPI monitor when GSSAPI is disabled");
 
+       gssapi_keyex = buffer_get_int(m);
+
        authenticated = authctxt->valid && 
-           ssh_gssapi_userok(authctxt->user, authctxt->pw);
+           ssh_gssapi_userok(authctxt->user, authctxt->pw, gssapi_keyex);
 
        buffer_clear(m);
        buffer_put_int(m, authenticated);
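Review bot: `gssapi_keyex = buffer_get_int(m)` takes the key-exchange flag from the request sent by the unprivileged child, and the monitor then passes it to `ssh_gssapi_userok()` and, in the following hunk, uses it to choose between `"gssapi-keyex"` and `"gssapi-with-mic"` for `auth_method`. Nothing visible here compares the flag with monitor-side state, so a child that misreports it changes both the authorization call and the recorded method; what `ssh_gssapi_userok()` does with the argument is not shown on this page. At minimum reject the flag when the feature is off, `if (gssapi_keyex && !options.gss_keyex) fatal("%s: gssapi-keyex requested but disabled", __func__);`, and preferably derive it from state the monitor already holds rather than from the message. The function continues past this hunk.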
@@ -2048,7 +2069,10 @@ mm_answer_gss_userok(int sock, Buffer *m)
        debug3("%s: sending result %d", __func__, authenticated);
        mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
 
-       auth_method = "gssapi-with-mic";
+       if (gssapi_keyex)
+               auth_method = "gssapi-keyex";
+       else
+               auth_method = "gssapi-with-mic";
 
        /* Monitor loop will terminate if authenticated */
        return (authenticated);