- markus@cvs.openbsd.org 2002/09/26 11:38:43

[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h] krb4 + privsep; ok dugsong@, deraadt@
author: Damien Miller <djm@mindrot.org> 2002-09-27 13:25:58 +1000
committer: Damien Miller <djm@mindrot.org> 2002-09-27 13:25:58 +1000
commit: d94e549ea8c622c8a75023b649a5d4c051aacf7f (patch)
tree: 84b39347f655ba0e33b7a9b6c3d23011a5befdad /monitor.c
parent: d27a76de65d557e36420046e44a014d3190f89cb (diff)
1 files changed, 52 insertions, 1 deletions
diff --git a/monitor.c b/monitor.c
index e07e97eac..4ad3f3d21 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.28 2002/09/24 08:46:04 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $");
 #include <openssl/dh.h>
@@ -120,6 +120,9 @@ int mm_answer_sessid(int, Buffer *);
 int mm_answer_pam_start(int, Buffer *);
 #endif
+#ifdef KRB4
+int mm_answer_krb4(int, Buffer *);
+#endif
 #ifdef KRB5
 int mm_answer_krb5(int, Buffer *);
 #endif
@@ -203,6 +206,9 @@ struct mon_table mon_dispatch_proto15[] = {
 #ifdef USE_PAM
    {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
 #endif
+#ifdef KRB4
+    {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4},
+#endif
 #ifdef KRB5
    {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5},
 #endif
@@ -1285,6 +1291,51 @@ mm_answer_rsa_response(int socket, Buffer *m)
        return (success);
 }
+#ifdef KRB4
+int
+mm_answer_krb4(int socket, Buffer *m)
+{
+        KTEXT_ST auth, reply;
+        char  *client, *p;
+        int success;
+        u_int alen;
+        reply.length = auth.length = 0;
+ 
+        p = buffer_get_string(m, &alen);
+        if (alen >=  MAX_KTXT_LEN)
+                 fatal("%s: auth too large", __func__);
+        memcpy(auth.dat, p, alen);
+        auth.length = alen;
+        memset(p, 0, alen);
+        xfree(p);
+        success = options.kerberos_authentication &&
+            authctxt->valid &&
+            auth_krb4(authctxt, &auth, &client, &reply);
+        memset(auth.dat, 0, alen);
+        buffer_clear(m);
+        buffer_put_int(m, success);
+        if (success) {
+                buffer_put_cstring(m, client);
+                buffer_put_string(m, reply.dat, reply.length);
+                if (client)
+                        xfree(client);
+                if (reply.length)
+                        memset(reply.dat, 0, reply.length);
+        }
+        debug3("%s: sending result %d", __func__, success);
+        mm_request_send(socket, MONITOR_ANS_KRB4, m);
+        auth_method = "kerberos";
+        /* Causes monitor loop to terminate if authenticated */
+        return (success);
+}
+#endif
 #ifdef KRB5
 int
author	Damien Miller <djm@mindrot.org>	2002-09-27 13:25:58 +1000
committer	Damien Miller <djm@mindrot.org>	2002-09-27 13:25:58 +1000
commit	d94e549ea8c622c8a75023b649a5d4c051aacf7f (patch)
tree	84b39347f655ba0e33b7a9b6c3d23011a5befdad /monitor.c
parent	d27a76de65d557e36420046e44a014d3190f89cb (diff)

diff --git a/monitor.c b/monitor.c index e07e97eac..4ad3f3d21 100644 --- a/monitor.c +++ b/monitor.c
@@ -25,7 +25,7 @@
25	*/	25	*/
26		26
27	#include "includes.h"	27	#include "includes.h"
28	RCSID("$OpenBSD: monitor.c,v 1.28 2002/09/24 08:46:04 markus Exp $");	28	RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $");
29		29
30	#include <openssl/dh.h>	30	#include <openssl/dh.h>
31		31
@@ -120,6 +120,9 @@ int mm_answer_sessid(int, Buffer *);
120	int mm_answer_pam_start(int, Buffer *);	120	int mm_answer_pam_start(int, Buffer *);
121	#endif	121	#endif
122		122
		123	#ifdef KRB4
		124	int mm_answer_krb4(int, Buffer *);
		125	#endif
123	#ifdef KRB5	126	#ifdef KRB5
124	int mm_answer_krb5(int, Buffer *);	127	int mm_answer_krb5(int, Buffer *);
125	#endif	128	#endif
@@ -203,6 +206,9 @@ struct mon_table mon_dispatch_proto15[] = {
203	#ifdef USE_PAM	206	#ifdef USE_PAM
204	{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},	207	{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
205	#endif	208	#endif
		209	#ifdef KRB4
		210	{MONITOR_REQ_KRB4, MON_ONCE\|MON_AUTH, mm_answer_krb4},
		211	#endif
206	#ifdef KRB5	212	#ifdef KRB5
207	{MONITOR_REQ_KRB5, MON_ONCE\|MON_AUTH, mm_answer_krb5},	213	{MONITOR_REQ_KRB5, MON_ONCE\|MON_AUTH, mm_answer_krb5},
208	#endif	214	#endif
@@ -1285,6 +1291,51 @@ mm_answer_rsa_response(int socket, Buffer *m)
1285	return (success);	1291	return (success);
1286	}	1292	}
1287		1293
		1294	#ifdef KRB4
		1295	int
		1296	mm_answer_krb4(int socket, Buffer *m)
		1297	{
		1298	KTEXT_ST auth, reply;
		1299	char client, p;
		1300	int success;
		1301	u_int alen;
		1302
		1303	reply.length = auth.length = 0;
		1304
		1305	p = buffer_get_string(m, &alen);
		1306	if (alen >= MAX_KTXT_LEN)
		1307	fatal("%s: auth too large", __func__);
		1308	memcpy(auth.dat, p, alen);
		1309	auth.length = alen;
		1310	memset(p, 0, alen);
		1311	xfree(p);
		1312
		1313	success = options.kerberos_authentication &&
		1314	authctxt->valid &&
		1315	auth_krb4(authctxt, &auth, &client, &reply);
		1316
		1317	memset(auth.dat, 0, alen);
		1318	buffer_clear(m);
		1319	buffer_put_int(m, success);
		1320
		1321	if (success) {
		1322	buffer_put_cstring(m, client);
		1323	buffer_put_string(m, reply.dat, reply.length);
		1324	if (client)
		1325	xfree(client);
		1326	if (reply.length)
		1327	memset(reply.dat, 0, reply.length);
		1328	}
		1329
		1330	debug3("%s: sending result %d", __func__, success);
		1331	mm_request_send(socket, MONITOR_ANS_KRB4, m);
		1332
		1333	auth_method = "kerberos";
		1334
		1335	/* Causes monitor loop to terminate if authenticated */
		1336	return (success);
		1337	}
		1338	#endif
1288		1339
1289	#ifdef KRB5	1340	#ifdef KRB5
1290	int	1341	int