Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 36 |
1 files changed, 33 insertions, 3 deletions
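--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.51 2003/11/04 08:54:09 djm Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.52 2003/11/17 11:06:07 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -134,6 +134,7 @@ int mm_answer_pam_free_ctx(int, Buffer *);
 int mm_answer_gss_setup_ctx(int, Buffer *);
 int mm_answer_gss_accept_ctx(int, Buffer *);
 int mm_answer_gss_userok(int, Buffer *);
+int mm_answer_gss_checkmic(int, Buffer *);
 #endif
 
 static Authctxt *authctxt;
@@ -193,6 +194,7 @@ struct mon_table mon_dispatch_proto20[] = {
 {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
 {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
 {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
 #endif
 {0, 0, NULL}
 };
@@ -1781,15 +1783,43 @@ mm_answer_gss_accept_ctx(int socket, Buffer *m)
 
 gss_release_buffer(&minor, &out);
 
-/* Complete - now we can do signing */
 if (major==GSS_S_COMPLETE) {
 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
 }
 return (0);
 }
 
 int
+mm_answer_gss_checkmic(int socket, Buffer *m)
+{
+gss_buffer_desc gssbuf, mic;
+OM_uint32 ret;
+u_int len;
+
+gssbuf.value = buffer_get_string(m, &len);
+gssbuf.length = len;
+mic.value = buffer_get_string(m, &len);
+mic.length = len;
+
+ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
+
+xfree(gssbuf.value);
+xfree(mic.value);
+
+buffer_clear(m);
+buffer_put_int(m, ret);
+
+mm_request_send(socket, MONITOR_ANS_GSSCHECKMIC, m);
+
+if (!GSS_ERROR(ret))
+monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+
+return (0);
+}
+
+int
 mm_answer_gss_userok(int socket, Buffer *m)
 {
 int authenticated;
@@ -1802,7 +1832,7 @@ mm_answer_gss_userok(int socket, Buffer *m)
 debug3("%s: sending result %d", __func__, authenticated);
 mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m);
 
-auth_method="gssapi";
+auth_method="gssapi-with-mic";
 
 /* Monitor loop will terminate if authenticated */
 return (authenticated);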
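Review bot: In mm_answer_gss_accept_ctx the new code enables MONITOR_REQ_GSSUSEROK and MONITOR_REQ_GSSCHECKMIC together on GSS_S_COMPLETE, so the `if (!GSS_ERROR(ret))` permit at the end of mm_answer_gss_checkmic changes nothing: GSSUSEROK is already allowed, and it stays allowed after a failed MIC check. As far as the visible lines show, the monitor therefore depends on the unprivileged child to refuse authentication when the MIC is bad, which weakens what the privilege-separation boundary guarantees for gssapi-with-mic. Consider ending the function with `monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, !GSS_ERROR(ret));` so that a failed check closes the userok path, and enabling GSSUSEROK in accept_ctx only when the context was negotiated without integrity (GSS_C_INTEG_FLAG unset). mm_answer_gss_accept_ctx begins outside the hunk, so how the context flags are available at that point needs confirming.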