*/
#include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.26 2003/04/07 08:29:57 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dh.h>
#include "dh.h"
#include "kex.h"
#include "auth.h"
+#include "auth-options.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "atomicio.h"
#include "monitor_fdpass.h"
#include "getput.h"
+#include "servconf.h"
#include "auth.h"
#include "channels.h"
extern z_stream outgoing_stream;
extern struct monitor *pmonitor;
extern Buffer input, output;
+extern ServerOptions options;
void
mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
Buffer m;
u_char *blob;
u_int len;
- int allowed = 0;
+ int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
allowed = buffer_get_int(&m);
+ /* fake forced command */
+ auth_clear_options();
+ have_forced = buffer_get_int(&m);
+ forced_command = have_forced ? xstrdup("true") : NULL;
+
/* Send potential debug messages */
mm_send_debug(&m);
Buffer m;
u_char *blob, *p;
u_int bloblen, plen;
+ u_int32_t seqnr, packets;
+ u_int64_t blocks;
buffer_init(&m);
buffer_put_string(&m, blob, bloblen);
xfree(blob);
- buffer_put_int(&m, packet_get_seqnr(MODE_OUT));
- buffer_put_int(&m, packet_get_seqnr(MODE_IN));
+ packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
+ buffer_put_int(&m, seqnr);
+ buffer_put_int64(&m, blocks);
+ buffer_put_int(&m, packets);
+ packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
+ buffer_put_int(&m, seqnr);
+ buffer_put_int64(&m, blocks);
+ buffer_put_int(&m, packets);
debug3("%s: New keys have been sent", __func__);
skip:
Buffer m;
debug3("%s entering", __func__);
+ if (!options.use_pam)
+ fatal("UsePAM=no, but ended up in %s anyway", __func__);
buffer_init(&m);
buffer_put_cstring(&m, user);
buffer_free(&m);
}
+
+void *
+mm_sshpam_init_ctx(Authctxt *authctxt)
+{
+ Buffer m;
+ int success;
+
+ debug3("%s", __func__);
+ buffer_init(&m);
+ buffer_put_cstring(&m, authctxt->user);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
+ debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
+ success = buffer_get_int(&m);
+ if (success == 0) {
+ debug3("%s: pam_init_ctx failed", __func__);
+ buffer_free(&m);
+ return (NULL);
+ }
+ buffer_free(&m);
+ return (authctxt);
+}
+
+int
+mm_sshpam_query(void *ctx, char **name, char **info,
+ u_int *num, char ***prompts, u_int **echo_on)
+{
+ Buffer m;
+ int i, ret;
+
+ debug3("%s", __func__);
+ buffer_init(&m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
+ debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
+ ret = buffer_get_int(&m);
+ debug3("%s: pam_query returned %d", __func__, ret);
+ *name = buffer_get_string(&m, NULL);
+ *info = buffer_get_string(&m, NULL);
+ *num = buffer_get_int(&m);
+ *prompts = xmalloc((*num + 1) * sizeof(char *));
+ *echo_on = xmalloc((*num + 1) * sizeof(u_int));
+ for (i = 0; i < *num; ++i) {
+ (*prompts)[i] = buffer_get_string(&m, NULL);
+ (*echo_on)[i] = buffer_get_int(&m);
+ }
+ buffer_free(&m);
+ return (ret);
+}
+
+int
+mm_sshpam_respond(void *ctx, u_int num, char **resp)
+{
+ Buffer m;
+ int i, ret;
+
+ debug3("%s", __func__);
+ buffer_init(&m);
+ buffer_put_int(&m, num);
+ for (i = 0; i < num; ++i)
+ buffer_put_cstring(&m, resp[i]);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
+ debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
+ ret = buffer_get_int(&m);
+ debug3("%s: pam_respond returned %d", __func__, ret);
+ buffer_free(&m);
+ return (ret);
+}
+
+void
+mm_sshpam_free_ctx(void *ctxtp)
+{
+ Buffer m;
+
+ debug3("%s", __func__);
+ buffer_init(&m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
+ debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
+ buffer_free(&m);
+}
#endif /* USE_PAM */
/* Request process termination */
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
- int res;
+ u_int success;
char *challenge;
debug3("%s: entering", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
&m);
- res = buffer_get_int(&m);
- if (res == -1) {
+ success = buffer_get_int(&m);
+ if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
- int len, res;
+ int len;
+ u_int success;
char *p, *challenge;
debug3("%s: entering", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
&m);
- res = buffer_get_int(&m);
- if (res == -1) {
+ success = buffer_get_int(&m);
+ if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
Key *key;
u_char *blob;
u_int blen;
- int allowed = 0;
+ int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
allowed = buffer_get_int(&m);
+ /* fake forced command */
+ auth_clear_options();
+ have_forced = buffer_get_int(&m);
+ forced_command = have_forced ? xstrdup("true") : NULL;
+
if (allowed && rkey != NULL) {
blob = buffer_get_string(&m, &blen);
if ((key = key_from_blob(blob, blen)) == NULL)
xfree(p);
}
buffer_free(&m);
- return (success);
+ return (success);
}
#endif