Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 57 |
1 files changed, 56 insertions, 1 deletions
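--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -993,13 +993,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
 }
 
 int
-mm_ssh_gssapi_userok(char *user)
+mm_ssh_gssapi_userok(char *user, struct passwd *pw, int kex)
 {
 struct sshbuf *m;
 int r, authenticated = 0;
 
 if ((m = sshbuf_new()) == NULL)
 fatal("%s: sshbuf_new failed", __func__);
+if ((r = sshbuf_put_u32(m, kex)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
 mm_request_receive_expect(pmonitor->m_recvfd,
@@ -1012,4 +1014,57 @@ mm_ssh_gssapi_userok(char *user)
 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
 return (authenticated);
 }
+
+OM_uint32
+mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
+{
+struct sshbuf *m;
+OM_uint32 major;
+int r;
+
+if ((m = sshbuf_new()) == NULL)
+fatal("%s: sshbuf_new failed", __func__);
+if ((r = sshbuf_put_string(m, data->value, data->length)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, m);
+
+if ((r = sshbuf_get_u32(m, &major)) != 0 ||
+(r = ssh_gssapi_get_buffer_desc(m, hash)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+sshbuf_free(m);
+
+return (major);
+}
+
+int
+mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
+{
+struct sshbuf *m;
+int r, ok;
+
+if ((m = sshbuf_new()) == NULL)
+fatal("%s: sshbuf_new failed", __func__);
+
+if ((r = sshbuf_put_cstring(m,
+store->filename ? store->filename : "")) != 0 ||
+(r = sshbuf_put_cstring(m,
+store->envvar ? store->envvar : "")) != 0 ||
+(r = sshbuf_put_cstring(m,
+store->envval ? store->envval : "")) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, m);
+
+if ((r = sshbuf_get_u32(m, &ok)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+sshbuf_free(m);
+
+return (ok);
+}
+
 #endif /* GSSAPI */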
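Review bot: In mm_ssh_gssapi_update_creds the strings `store->filename`, `store->envvar` and `store->envval` are serialised on the unprivileged side of the monitor channel. The handler for MONITOR_REQ_GSSUPCREDS (not on this page) therefore has to treat all three as untrusted input and should check them against state the monitor holds itself before touching any credential cache. Sending NULL as `""` also means the receiver cannot tell an absent field from an empty one, so a comment such as `/* NULL fields are sent as ""; the monitor must validate all three strings */` above the put calls would record the contract. Separately, `ok` is declared `int` but its address is passed to sshbuf_get_u32, which takes a `u_int32_t *`; declaring `u_int32_t ok;` and ending with `return (ok != 0);` removes the pointer-sign mismatch and normalises whatever value the reply carries.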