Merge 3.7.1p2 to the trunk. I have absolutely no idea yet whether this will

work.
author: Colin Watson <cjwatson@debian.org> 2003-09-23 18:08:35 +0000
committer: Colin Watson <cjwatson@debian.org> 2003-09-23 18:08:35 +0000
commit: d59fd3e421aa81b8e5e118f3f806081df2aca879 (patch)
tree: 356a4e607edc979c625bb33db63c656d771478bd /monitor_wrap.c
parent: 7505658c58e96b8d270f1928a0e1fa7f3e0c266b (diff)
parent: 45431c9b4677608680cd071768cbf156b316a7e8 (diff)
1 files changed, 174 insertions, 56 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index c9714138a..4034d569c 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.31 2003/08/28 12:54:34 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -47,11 +47,16 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");
 #include "atomicio.h"
 #include "monitor_fdpass.h"
 #include "getput.h"
+#include "servconf.h"
 #include "auth.h"
 #include "channels.h"
 #include "session.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
 /* Imports */
 extern int compat20;
 extern Newkeys *newkeys[];
@@ -59,6 +64,7 @@ extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
 extern Buffer input, output;
+extern ServerOptions options;
 void
 mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
@@ -70,9 +76,9 @@ mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
        PUT_32BIT(buf, mlen + 1);
        buf[4] = (u_char) type;         /* 1st byte of payload is mesg-type */
-        if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf))
+        if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf))
                fatal("%s: write", __func__);
-        if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen)
+        if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen)
                fatal("%s: write", __func__);
 }
@@ -520,6 +526,8 @@ mm_send_keystate(struct monitor *pmonitor)
        Buffer m;
        u_char *blob, *p;
        u_int bloblen, plen;
+        u_int32_t seqnr, packets;
+        u_int64_t blocks;
        buffer_init(&m);
@@ -568,8 +576,14 @@ mm_send_keystate(struct monitor *pmonitor)
        buffer_put_string(&m, blob, bloblen);
        xfree(blob);
-        buffer_put_int(&m, packet_get_seqnr(MODE_OUT));
+        packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
-        buffer_put_int(&m, packet_get_seqnr(MODE_IN));
+        buffer_put_int(&m, seqnr);
+        buffer_put_int64(&m, blocks);
+        buffer_put_int(&m, packets);
+        packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
+        buffer_put_int(&m, seqnr);
+        buffer_put_int64(&m, blocks);
+        buffer_put_int(&m, packets);
        debug3("%s: New keys have been sent", __func__);
 skip:
@@ -661,6 +675,8 @@ mm_start_pam(char *user)
        Buffer m;
        debug3("%s entering", __func__);
+        if (!options.use_pam)
+                fatal("UsePAM=no, but ended up in %s anyway", __func__);
        buffer_init(&m);
        buffer_put_cstring(&m, user);
@@ -669,6 +685,112 @@ mm_start_pam(char *user)
        buffer_free(&m);
 }
+u_int
+mm_do_pam_account(void)
+{
+        Buffer m;
+        u_int ret;
+        debug3("%s entering", __func__);
+        if (!options.use_pam)
+                fatal("UsePAM=no, but ended up in %s anyway", __func__);
+        buffer_init(&m);
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
+        mm_request_receive_expect(pmonitor->m_recvfd, 
+            MONITOR_ANS_PAM_ACCOUNT, &m);
+        ret = buffer_get_int(&m);
+        buffer_free(&m);
+        
+        debug3("%s returning %d", __func__, ret);
+        return (ret);
+}
+void *
+mm_sshpam_init_ctx(Authctxt *authctxt)
+{
+        Buffer m;
+        int success;
+        debug3("%s", __func__);
+        buffer_init(&m);
+        buffer_put_cstring(&m, authctxt->user);
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
+        debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
+        success = buffer_get_int(&m);
+        if (success == 0) {
+                debug3("%s: pam_init_ctx failed", __func__);
+                buffer_free(&m);
+                return (NULL);
+        }
+        buffer_free(&m);
+        return (authctxt);
+}
+int
+mm_sshpam_query(void *ctx, char **name, char **info,
+    u_int *num, char ***prompts, u_int **echo_on)
+{
+        Buffer m;
+        int i, ret;
+        debug3("%s", __func__);
+        buffer_init(&m);
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
+        debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
+        ret = buffer_get_int(&m);
+        debug3("%s: pam_query returned %d", __func__, ret);
+        *name = buffer_get_string(&m, NULL);
+        *info = buffer_get_string(&m, NULL);
+        *num = buffer_get_int(&m);
+        *prompts = xmalloc((*num + 1) * sizeof(char *));
+        *echo_on = xmalloc((*num + 1) * sizeof(u_int));
+        for (i = 0; i < *num; ++i) {
+                (*prompts)[i] = buffer_get_string(&m, NULL);
+                (*echo_on)[i] = buffer_get_int(&m);
+        }
+        buffer_free(&m);
+        return (ret);
+}
+int
+mm_sshpam_respond(void *ctx, u_int num, char **resp)
+{
+        Buffer m;
+        int i, ret;
+        debug3("%s", __func__);
+        buffer_init(&m);
+        buffer_put_int(&m, num);
+        for (i = 0; i < num; ++i)
+                buffer_put_cstring(&m, resp[i]);
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
+        debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
+        ret = buffer_get_int(&m);
+        debug3("%s: pam_respond returned %d", __func__, ret);
+        buffer_free(&m);
+        return (ret);
+}
+void
+mm_sshpam_free_ctx(void *ctxtp)
+{
+        Buffer m;
+        debug3("%s", __func__);
+        buffer_init(&m);
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
+        debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
+        buffer_free(&m);
+}
 #endif /* USE_PAM */
 /* Request process termination */
@@ -949,73 +1071,69 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
        return (success);
 }
-#ifdef KRB4
+#ifdef GSSAPI
-int
+OM_uint32
-mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
+mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
 {
-        KTEXT auth, reply;
+        Buffer m;
-        Buffer m;
+        OM_uint32 major;
-        u_int rlen;
-        int success = 0;
-        char *p;
-        debug3("%s entering", __func__);
+        /* Client doesn't get to see the context */
-        auth = _auth;
+        *ctx = NULL;
-        reply = _reply;
        buffer_init(&m);
-        buffer_put_string(&m, auth->dat, auth->length);
+        buffer_put_string(&m, oid->elements, oid->length);
-        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m);
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
-        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
+        major = buffer_get_int(&m);
-        success = buffer_get_int(&m);
-        if (success) {
-                *client = buffer_get_string(&m, NULL);
-                p = buffer_get_string(&m, &rlen);
-                if (rlen >= MAX_KTXT_LEN)
-                        fatal("%s: reply from monitor too large", __func__);
-                reply->length = rlen;
-                memcpy(reply->dat, p, rlen);
-                memset(p, 0, rlen);
-                xfree(p);
-        }
        buffer_free(&m);
-        return (success);
+        return (major);
 }
-#endif
-#ifdef KRB5
+OM_uint32
-int
+mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
-mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp)
+    gss_buffer_desc *out, OM_uint32 *flags)
 {
-        krb5_data *tkt, *reply;
        Buffer m;
-        int success;
+        OM_uint32 major;
+        u_int len;
-        debug3("%s entering", __func__);
-        tkt = (krb5_data *) argp;
-        reply = (krb5_data *) resp;
        buffer_init(&m);
-        buffer_put_string(&m, tkt->data, tkt->length);
+        buffer_put_string(&m, in->value, in->length);
-        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m);
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
-        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
-        success = buffer_get_int(&m);
+        major = buffer_get_int(&m);
-        if (success) {
+        out->value = buffer_get_string(&m, &len);
-                u_int len;
+        out->length = len;
+        if (flags)
+                *flags = buffer_get_int(&m);
-                *userp = buffer_get_string(&m, NULL);
+        buffer_free(&m);
-                reply->data = buffer_get_string(&m, &len);
-                reply->length = len;
+        return (major);
-        } else {
+}
-                memset(reply, 0, sizeof(*reply));
-                *userp = NULL;
+int
-        }
+mm_ssh_gssapi_userok(char *user)
+{
+        Buffer m;
+        int authenticated = 0;
+        buffer_init(&m);
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
+                                  &m);
+        authenticated = buffer_get_int(&m);
        buffer_free(&m);
-        return (success);
+        debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
+        return (authenticated);
 }
-#endif
+#endif /* GSSAPI */
author	Colin Watson <cjwatson@debian.org>	2003-09-23 18:08:35 +0000
committer	Colin Watson <cjwatson@debian.org>	2003-09-23 18:08:35 +0000
commit	d59fd3e421aa81b8e5e118f3f806081df2aca879 (patch)
tree	356a4e607edc979c625bb33db63c656d771478bd /monitor_wrap.c
parent	7505658c58e96b8d270f1928a0e1fa7f3e0c266b (diff)
parent	45431c9b4677608680cd071768cbf156b316a7e8 (diff)

diff --git a/monitor_wrap.c b/monitor_wrap.c index c9714138a..4034d569c 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
25	*/	25	*/
26		26
27	#include "includes.h"	27	#include "includes.h"
28	RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");	28	RCSID("$OpenBSD: monitor_wrap.c,v 1.31 2003/08/28 12:54:34 markus Exp $");
29		29
30	#include <openssl/bn.h>	30	#include <openssl/bn.h>
31	#include <openssl/dh.h>	31	#include <openssl/dh.h>
@@ -47,11 +47,16 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");
47	#include "atomicio.h"	47	#include "atomicio.h"
48	#include "monitor_fdpass.h"	48	#include "monitor_fdpass.h"
49	#include "getput.h"	49	#include "getput.h"
		50	#include "servconf.h"
50		51
51	#include "auth.h"	52	#include "auth.h"
52	#include "channels.h"	53	#include "channels.h"
53	#include "session.h"	54	#include "session.h"
54		55
		56	#ifdef GSSAPI
		57	#include "ssh-gss.h"
		58	#endif
		59
55	/* Imports */	60	/* Imports */
56	extern int compat20;	61	extern int compat20;
57	extern Newkeys *newkeys[];	62	extern Newkeys *newkeys[];
@@ -59,6 +64,7 @@ extern z_stream incoming_stream;
59	extern z_stream outgoing_stream;	64	extern z_stream outgoing_stream;
60	extern struct monitor *pmonitor;	65	extern struct monitor *pmonitor;
61	extern Buffer input, output;	66	extern Buffer input, output;
		67	extern ServerOptions options;
62		68
63	void	69	void
64	mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)	70	mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
@@ -70,9 +76,9 @@ mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
70		76
71	PUT_32BIT(buf, mlen + 1);	77	PUT_32BIT(buf, mlen + 1);
72	buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */	78	buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
73	if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf))	79	if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf))
74	fatal("%s: write", __func__);	80	fatal("%s: write", __func__);
75	if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen)	81	if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen)
76	fatal("%s: write", __func__);	82	fatal("%s: write", __func__);
77	}	83	}
78		84
@@ -520,6 +526,8 @@ mm_send_keystate(struct monitor *pmonitor)
520	Buffer m;	526	Buffer m;
521	u_char blob, p;	527	u_char blob, p;
522	u_int bloblen, plen;	528	u_int bloblen, plen;
		529	u_int32_t seqnr, packets;
		530	u_int64_t blocks;
523		531
524	buffer_init(&m);	532	buffer_init(&m);
525		533
@@ -568,8 +576,14 @@ mm_send_keystate(struct monitor *pmonitor)
568	buffer_put_string(&m, blob, bloblen);	576	buffer_put_string(&m, blob, bloblen);
569	xfree(blob);	577	xfree(blob);
570		578
571	buffer_put_int(&m, packet_get_seqnr(MODE_OUT));	579	packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
572	buffer_put_int(&m, packet_get_seqnr(MODE_IN));	580	buffer_put_int(&m, seqnr);
		581	buffer_put_int64(&m, blocks);
		582	buffer_put_int(&m, packets);
		583	packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
		584	buffer_put_int(&m, seqnr);
		585	buffer_put_int64(&m, blocks);
		586	buffer_put_int(&m, packets);
573		587
574	debug3("%s: New keys have been sent", __func__);	588	debug3("%s: New keys have been sent", __func__);
575	skip:	589	skip:
@@ -661,6 +675,8 @@ mm_start_pam(char *user)
661	Buffer m;	675	Buffer m;
662		676
663	debug3("%s entering", __func__);	677	debug3("%s entering", __func__);
		678	if (!options.use_pam)
		679	fatal("UsePAM=no, but ended up in %s anyway", __func__);
664		680
665	buffer_init(&m);	681	buffer_init(&m);
666	buffer_put_cstring(&m, user);	682	buffer_put_cstring(&m, user);
@@ -669,6 +685,112 @@ mm_start_pam(char *user)
669		685
670	buffer_free(&m);	686	buffer_free(&m);
671	}	687	}
		688
		689	u_int
		690	mm_do_pam_account(void)
		691	{
		692	Buffer m;
		693	u_int ret;
		694
		695	debug3("%s entering", __func__);
		696	if (!options.use_pam)
		697	fatal("UsePAM=no, but ended up in %s anyway", __func__);
		698
		699	buffer_init(&m);
		700	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
		701
		702	mm_request_receive_expect(pmonitor->m_recvfd,
		703	MONITOR_ANS_PAM_ACCOUNT, &m);
		704	ret = buffer_get_int(&m);
		705
		706	buffer_free(&m);
		707
		708	debug3("%s returning %d", __func__, ret);
		709
		710	return (ret);
		711	}
		712
		713	void *
		714	mm_sshpam_init_ctx(Authctxt *authctxt)
		715	{
		716	Buffer m;
		717	int success;
		718
		719	debug3("%s", __func__);
		720	buffer_init(&m);
		721	buffer_put_cstring(&m, authctxt->user);
		722	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
		723	debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
		724	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
		725	success = buffer_get_int(&m);
		726	if (success == 0) {
		727	debug3("%s: pam_init_ctx failed", __func__);
		728	buffer_free(&m);
		729	return (NULL);
		730	}
		731	buffer_free(&m);
		732	return (authctxt);
		733	}
		734
		735	int
		736	mm_sshpam_query(void ctx, char name, char *info,
		737	u_int num, char prompts, u_int echo_on)
		738	{
		739	Buffer m;
		740	int i, ret;
		741
		742	debug3("%s", __func__);
		743	buffer_init(&m);
		744	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
		745	debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
		746	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
		747	ret = buffer_get_int(&m);
		748	debug3("%s: pam_query returned %d", __func__, ret);
		749	*name = buffer_get_string(&m, NULL);
		750	*info = buffer_get_string(&m, NULL);
		751	*num = buffer_get_int(&m);
		752	prompts = xmalloc((num + 1) * sizeof(char *));
		753	echo_on = xmalloc((num + 1) * sizeof(u_int));
		754	for (i = 0; i < *num; ++i) {
		755	(*prompts)[i] = buffer_get_string(&m, NULL);
		756	(*echo_on)[i] = buffer_get_int(&m);
		757	}
		758	buffer_free(&m);
		759	return (ret);
		760	}
		761
		762	int
		763	mm_sshpam_respond(void ctx, u_int num, char *resp)
		764	{
		765	Buffer m;
		766	int i, ret;
		767
		768	debug3("%s", __func__);
		769	buffer_init(&m);
		770	buffer_put_int(&m, num);
		771	for (i = 0; i < num; ++i)
		772	buffer_put_cstring(&m, resp[i]);
		773	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
		774	debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
		775	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
		776	ret = buffer_get_int(&m);
		777	debug3("%s: pam_respond returned %d", __func__, ret);
		778	buffer_free(&m);
		779	return (ret);
		780	}
		781
		782	void
		783	mm_sshpam_free_ctx(void *ctxtp)
		784	{
		785	Buffer m;
		786
		787	debug3("%s", __func__);
		788	buffer_init(&m);
		789	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
		790	debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
		791	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
		792	buffer_free(&m);
		793	}
672	#endif /* USE_PAM */	794	#endif /* USE_PAM */
673		795
674	/* Request process termination */	796	/* Request process termination */
@@ -949,73 +1071,69 @@ mm_auth_rsa_verify_response(Key key, BIGNUM p, u_char response[16])
949	return (success);	1071	return (success);
950	}	1072	}
951		1073
952	#ifdef KRB4	1074	#ifdef GSSAPI
953	int	1075	OM_uint32
954	mm_auth_krb4(Authctxt authctxt, void _auth, char *client, void _reply)	1076	mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
955	{	1077	{
956	KTEXT auth, reply;	1078	Buffer m;
957	Buffer m;	1079	OM_uint32 major;
958	u_int rlen;
959	int success = 0;
960	char *p;
961		1080
962	debug3("%s entering", __func__);	1081	/* Client doesn't get to see the context */
963	auth = _auth;	1082	*ctx = NULL;
964	reply = _reply;
965		1083
966	buffer_init(&m);	1084	buffer_init(&m);
967	buffer_put_string(&m, auth->dat, auth->length);	1085	buffer_put_string(&m, oid->elements, oid->length);
968		1086
969	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m);	1087	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
970	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m);	1088	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
		1089
		1090	major = buffer_get_int(&m);
971		1091
972	success = buffer_get_int(&m);
973	if (success) {
974	*client = buffer_get_string(&m, NULL);
975	p = buffer_get_string(&m, &rlen);
976	if (rlen >= MAX_KTXT_LEN)
977	fatal("%s: reply from monitor too large", __func__);
978	reply->length = rlen;
979	memcpy(reply->dat, p, rlen);
980	memset(p, 0, rlen);
981	xfree(p);
982	}
983	buffer_free(&m);	1092	buffer_free(&m);
984	return (success);	1093	return (major);
985	}	1094	}
986	#endif
987		1095
988	#ifdef KRB5	1096	OM_uint32
989	int	1097	mm_ssh_gssapi_accept_ctx(Gssctxt ctx, gss_buffer_desc in,
990	mm_auth_krb5(void ctx, void argp, char *userp, void resp)	1098	gss_buffer_desc out, OM_uint32 flags)
991	{	1099	{
992	krb5_data tkt, reply;
993	Buffer m;	1100	Buffer m;
994	int success;	1101	OM_uint32 major;
995		1102	u_int len;
996	debug3("%s entering", __func__);
997	tkt = (krb5_data *) argp;
998	reply = (krb5_data *) resp;
999		1103
1000	buffer_init(&m);	1104	buffer_init(&m);
1001	buffer_put_string(&m, tkt->data, tkt->length);	1105	buffer_put_string(&m, in->value, in->length);
1002		1106
1003	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m);	1107	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
1004	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m);	1108	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
1005		1109
1006	success = buffer_get_int(&m);	1110	major = buffer_get_int(&m);
1007	if (success) {	1111	out->value = buffer_get_string(&m, &len);
1008	u_int len;	1112	out->length = len;
		1113	if (flags)
		1114	*flags = buffer_get_int(&m);
1009		1115
1010	*userp = buffer_get_string(&m, NULL);	1116	buffer_free(&m);
1011	reply->data = buffer_get_string(&m, &len);	1117
1012	reply->length = len;	1118	return (major);
1013	} else {	1119	}
1014	memset(reply, 0, sizeof(*reply));	1120
1015	*userp = NULL;	1121	int
1016	}	1122	mm_ssh_gssapi_userok(char *user)
		1123	{
		1124	Buffer m;
		1125	int authenticated = 0;
		1126
		1127	buffer_init(&m);
		1128
		1129	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
		1130	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
		1131	&m);
		1132
		1133	authenticated = buffer_get_int(&m);
1017		1134
1018	buffer_free(&m);	1135	buffer_free(&m);
1019	return (success);	1136	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
		1137	return (authenticated);
1020	}	1138	}
1021	#endif	1139	#endif /* GSSAPI */