-/* $OpenBSD: monitor.c,v 1.101 2009/02/12 03:26:22 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.104 2009/06/12 20:43:22 andreas Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
#include "compat.h"
#include "ssh2.h"
#include "jpake.h"
+#include "roaming.h"
#ifdef GSSAPI
static Gssctxt *gsscontext = NULL;
extern z_stream incoming_stream;
extern z_stream outgoing_stream;
extern u_char session_id[];
-extern Buffer input, output;
extern Buffer auth_debug;
extern int auth_debug_init;
extern Buffer loginmsg;
u_int ilen;
u_char *output;
u_int olen;
+ u_int64_t sent_bytes;
+ u_int64_t recv_bytes;
} child_state;
/* Functions on the monitor that answer unprivileged requests */
if (authctxt->user) xfree(authctxt->user);
authctxt->user = xstrdup(username);
+#ifdef USE_PAM
+ if (options.permit_pam_user_change)
+ setproctitle("%s [priv]", pwent ? "[pam]" : "unknown");
+ else
+#endif
setproctitle("%s [priv]", pwent ? username : "unknown");
xfree(username);
/* Network I/O buffers */
/* XXX inefficient for large buffers, need: buffer_init_from_string */
- buffer_clear(&input);
- buffer_append(&input, child_state.input, child_state.ilen);
+ buffer_clear(packet_get_input());
+ buffer_append(packet_get_input(), child_state.input, child_state.ilen);
memset(child_state.input, 0, child_state.ilen);
xfree(child_state.input);
- buffer_clear(&output);
- buffer_append(&output, child_state.output, child_state.olen);
+ buffer_clear(packet_get_output());
+ buffer_append(packet_get_output(), child_state.output,
+ child_state.olen);
memset(child_state.output, 0, child_state.olen);
xfree(child_state.output);
+
+ /* Roaming */
+ if (compat20)
+ roam_set_bytes(child_state.sent_bytes, child_state.recv_bytes);
}
static Kex *
child_state.input = buffer_get_string(&m, &child_state.ilen);
child_state.output = buffer_get_string(&m, &child_state.olen);
+ /* Roaming */
+ if (compat20) {
+ child_state.sent_bytes = buffer_get_int64(&m);
+ child_state.recv_bytes = buffer_get_int64(&m);
+ }
+
buffer_free(&m);
}
mm_answer_gss_userok(int sock, Buffer *m)
{
int authenticated;
+ int gssapi_keyex;
if (!options.gss_authentication && !options.gss_keyex)
fatal("In GSSAPI monitor when GSSAPI is disabled");
+ gssapi_keyex = buffer_get_int(m);
+
authenticated = authctxt->valid &&
- ssh_gssapi_userok(authctxt->user, authctxt->pw);
+ ssh_gssapi_userok(authctxt->user, authctxt->pw, gssapi_keyex);
buffer_clear(m);
buffer_put_int(m, authenticated);
debug3("%s: sending result %d", __func__, authenticated);
mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
- auth_method = "gssapi-with-mic";
+ if (gssapi_keyex)
+ auth_method = "gssapi-keyex";
+ else
+ auth_method = "gssapi-with-mic";
/* Monitor loop will terminate if authenticated */
return (authenticated);