diff options
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 53 |
1 files changed, 52 insertions, 1 deletions
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.28 2002/09/24 08:46:04 markus Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $"); |
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
31 | 31 | ||
@@ -120,6 +120,9 @@ int mm_answer_sessid(int, Buffer *); | |||
120 | int mm_answer_pam_start(int, Buffer *); | 120 | int mm_answer_pam_start(int, Buffer *); |
121 | #endif | 121 | #endif |
122 | 122 | ||
123 | #ifdef KRB4 | ||
124 | int mm_answer_krb4(int, Buffer *); | ||
125 | #endif | ||
123 | #ifdef KRB5 | 126 | #ifdef KRB5 |
124 | int mm_answer_krb5(int, Buffer *); | 127 | int mm_answer_krb5(int, Buffer *); |
125 | #endif | 128 | #endif |
@@ -203,6 +206,9 @@ struct mon_table mon_dispatch_proto15[] = { | |||
203 | #ifdef USE_PAM | 206 | #ifdef USE_PAM |
204 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, | 207 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, |
205 | #endif | 208 | #endif |
209 | #ifdef KRB4 | ||
210 | {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4}, | ||
211 | #endif | ||
206 | #ifdef KRB5 | 212 | #ifdef KRB5 |
207 | {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, | 213 | {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, |
208 | #endif | 214 | #endif |
@@ -1285,6 +1291,51 @@ mm_answer_rsa_response(int socket, Buffer *m) | |||
1285 | return (success); | 1291 | return (success); |
1286 | } | 1292 | } |
1287 | 1293 | ||
1294 | #ifdef KRB4 | ||
1295 | int | ||
1296 | mm_answer_krb4(int socket, Buffer *m) | ||
1297 | { | ||
1298 | KTEXT_ST auth, reply; | ||
1299 | char *client, *p; | ||
1300 | int success; | ||
1301 | u_int alen; | ||
1302 | |||
1303 | reply.length = auth.length = 0; | ||
1304 | |||
1305 | p = buffer_get_string(m, &alen); | ||
1306 | if (alen >= MAX_KTXT_LEN) | ||
1307 | fatal("%s: auth too large", __func__); | ||
1308 | memcpy(auth.dat, p, alen); | ||
1309 | auth.length = alen; | ||
1310 | memset(p, 0, alen); | ||
1311 | xfree(p); | ||
1312 | |||
1313 | success = options.kerberos_authentication && | ||
1314 | authctxt->valid && | ||
1315 | auth_krb4(authctxt, &auth, &client, &reply); | ||
1316 | |||
1317 | memset(auth.dat, 0, alen); | ||
1318 | buffer_clear(m); | ||
1319 | buffer_put_int(m, success); | ||
1320 | |||
1321 | if (success) { | ||
1322 | buffer_put_cstring(m, client); | ||
1323 | buffer_put_string(m, reply.dat, reply.length); | ||
1324 | if (client) | ||
1325 | xfree(client); | ||
1326 | if (reply.length) | ||
1327 | memset(reply.dat, 0, reply.length); | ||
1328 | } | ||
1329 | |||
1330 | debug3("%s: sending result %d", __func__, success); | ||
1331 | mm_request_send(socket, MONITOR_ANS_KRB4, m); | ||
1332 | |||
1333 | auth_method = "kerberos"; | ||
1334 | |||
1335 | /* Causes monitor loop to terminate if authenticated */ | ||
1336 | return (success); | ||
1337 | } | ||
1338 | #endif | ||
1288 | 1339 | ||
1289 | #ifdef KRB5 | 1340 | #ifdef KRB5 |
1290 | int | 1341 | int |