- markus@cvs.openbsd.org 2003/11/17 11:06:07

[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h sshconnect2.c ssh-gss.h] replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.
author: Damien Miller <djm@mindrot.org> 2003-11-17 22:18:21 +1100
committer: Damien Miller <djm@mindrot.org> 2003-11-17 22:18:21 +1100
commit: 0425d40194f36c57423c014b0730a9d344dbe019 (patch)
tree: 537527b6d0092152ee9f0c4ad01ea4bb41d8c271 /monitor.c
parent: c756e9b56e5b4649f120c417eb9bc99cf23db10f (diff)
1 files changed, 33 insertions, 3 deletions
diff --git a/monitor.c b/monitor.c
index e83fb45a7..97f1ee9f4 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.51 2003/11/04 08:54:09 djm Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.52 2003/11/17 11:06:07 markus Exp $");
 #include <openssl/dh.h>
@@ -134,6 +134,7 @@ int mm_answer_pam_free_ctx(int, Buffer *);
 int mm_answer_gss_setup_ctx(int, Buffer *);
 int mm_answer_gss_accept_ctx(int, Buffer *);
 int mm_answer_gss_userok(int, Buffer *);
+int mm_answer_gss_checkmic(int, Buffer *);
 #endif
 static Authctxt *authctxt;
@@ -193,6 +194,7 @@ struct mon_table mon_dispatch_proto20[] = {
    {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
    {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
    {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+    {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
 #endif
    {0, 0, NULL}
 };
@@ -1781,15 +1783,43 @@ mm_answer_gss_accept_ctx(int socket, Buffer *m)
        gss_release_buffer(&minor, &out);
-        /* Complete - now we can do signing */
        if (major==GSS_S_COMPLETE) {
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
        }
        return (0);
 }
 int
+mm_answer_gss_checkmic(int socket, Buffer *m)
+{
+        gss_buffer_desc gssbuf, mic;
+        OM_uint32 ret;
+        u_int len;
+        
+        gssbuf.value = buffer_get_string(m, &len);
+        gssbuf.length = len;
+        mic.value = buffer_get_string(m, &len);
+        mic.length = len;
+        
+        ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
+        
+        xfree(gssbuf.value);
+        xfree(mic.value);
+        
+        buffer_clear(m);
+        buffer_put_int(m, ret);
+        
+        mm_request_send(socket, MONITOR_ANS_GSSCHECKMIC, m);
+        
+        if (!GSS_ERROR(ret))
+                monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+        
+        return (0);
+}
+int
 mm_answer_gss_userok(int socket, Buffer *m)
 {
        int authenticated;
@@ -1802,7 +1832,7 @@ mm_answer_gss_userok(int socket, Buffer *m)
        debug3("%s: sending result %d", __func__, authenticated);
        mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m);
-        auth_method="gssapi";
+        auth_method="gssapi-with-mic";
        /* Monitor loop will terminate if authenticated */
        return (authenticated);
author	Damien Miller <djm@mindrot.org>	2003-11-17 22:18:21 +1100
committer	Damien Miller <djm@mindrot.org>	2003-11-17 22:18:21 +1100
commit	0425d40194f36c57423c014b0730a9d344dbe019 (patch)
tree	537527b6d0092152ee9f0c4ad01ea4bb41d8c271 /monitor.c
parent	c756e9b56e5b4649f120c417eb9bc99cf23db10f (diff)