1 files changed, 56 insertions, 1 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 001a8fa1c..6edb509a3 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -993,13 +993,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
 }
 int
-mm_ssh_gssapi_userok(char *user)
+mm_ssh_gssapi_userok(char *user, struct passwd *pw, int kex)
 {
        struct sshbuf *m;
        int r, authenticated = 0;
        if ((m = sshbuf_new()) == NULL)
                fatal("%s: sshbuf_new failed", __func__);
+        if ((r = sshbuf_put_u32(m, kex)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
        mm_request_receive_expect(pmonitor->m_recvfd,
@@ -1012,4 +1014,57 @@ mm_ssh_gssapi_userok(char *user)
        debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
        return (authenticated);
 }
+OM_uint32
+mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
+{
+        struct sshbuf *m;
+        OM_uint32 major;
+        int r;
+        if ((m = sshbuf_new()) == NULL)
+                fatal("%s: sshbuf_new failed", __func__);
+        if ((r = sshbuf_put_string(m, data->value, data->length)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, m);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, m);
+        if ((r = sshbuf_get_u32(m, &major)) != 0 ||
+            (r = ssh_gssapi_get_buffer_desc(m, hash)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        sshbuf_free(m);
+        return (major);
+}
+int
+mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
+{
+        struct sshbuf *m;
+        int r, ok;
+        if ((m = sshbuf_new()) == NULL)
+                fatal("%s: sshbuf_new failed", __func__);
+        if ((r = sshbuf_put_cstring(m,
+            store->filename ? store->filename : "")) != 0 ||
+            (r = sshbuf_put_cstring(m,
+            store->envvar ? store->envvar : "")) != 0 ||
+            (r = sshbuf_put_cstring(m,
+            store->envval ? store->envval : "")) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, m);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, m);
+        if ((r = sshbuf_get_u32(m, &ok)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        sshbuf_free(m);
+        return (ok);
+}
 #endif /* GSSAPI */

diff --git a/monitor_wrap.c b/monitor_wrap.c index 001a8fa1c..6edb509a3 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c
@@ -993,13 +993,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
993	}	993	}
994		994
995	int	995	int
996	mm_ssh_gssapi_userok(char *user)	996	mm_ssh_gssapi_userok(char user, struct passwd pw, int kex)
997	{	997	{
998	struct sshbuf *m;	998	struct sshbuf *m;
999	int r, authenticated = 0;	999	int r, authenticated = 0;
1000		1000
1001	if ((m = sshbuf_new()) == NULL)	1001	if ((m = sshbuf_new()) == NULL)
1002	fatal("%s: sshbuf_new failed", __func__);	1002	fatal("%s: sshbuf_new failed", __func__);
		1003	if ((r = sshbuf_put_u32(m, kex)) != 0)
		1004	fatal("%s: buffer error: %s", __func__, ssh_err(r));
1003		1005
1004	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);	1006	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
1005	mm_request_receive_expect(pmonitor->m_recvfd,	1007	mm_request_receive_expect(pmonitor->m_recvfd,
@@ -1012,4 +1014,57 @@ mm_ssh_gssapi_userok(char *user)
1012	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");	1014	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
1013	return (authenticated);	1015	return (authenticated);
1014	}	1016	}
		1017
		1018	OM_uint32
		1019	mm_ssh_gssapi_sign(Gssctxt ctx, gss_buffer_desc data, gss_buffer_desc *hash)
		1020	{
		1021	struct sshbuf *m;
		1022	OM_uint32 major;
		1023	int r;
		1024
		1025	if ((m = sshbuf_new()) == NULL)
		1026	fatal("%s: sshbuf_new failed", __func__);
		1027	if ((r = sshbuf_put_string(m, data->value, data->length)) != 0)
		1028	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		1029
		1030	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, m);
		1031	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, m);
		1032
		1033	if ((r = sshbuf_get_u32(m, &major)) != 0 \|\|
		1034	(r = ssh_gssapi_get_buffer_desc(m, hash)) != 0)
		1035	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		1036
		1037	sshbuf_free(m);
		1038
		1039	return (major);
		1040	}
		1041
		1042	int
		1043	mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
		1044	{
		1045	struct sshbuf *m;
		1046	int r, ok;
		1047
		1048	if ((m = sshbuf_new()) == NULL)
		1049	fatal("%s: sshbuf_new failed", __func__);
		1050
		1051	if ((r = sshbuf_put_cstring(m,
		1052	store->filename ? store->filename : "")) != 0 \|\|
		1053	(r = sshbuf_put_cstring(m,
		1054	store->envvar ? store->envvar : "")) != 0 \|\|
		1055	(r = sshbuf_put_cstring(m,
		1056	store->envval ? store->envval : "")) != 0)
		1057	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		1058
		1059	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, m);
		1060	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, m);
		1061
		1062	if ((r = sshbuf_get_u32(m, &ok)) != 0)
		1063	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		1064
		1065	sshbuf_free(m);
		1066
		1067	return (ok);
		1068	}
		1069
1015	#endif /* GSSAPI */	1070	#endif /* GSSAPI */