Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 57 |
1 files changed, 56 insertions, 1 deletions
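--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -978,13 +978,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
 }
 
 int
-mm_ssh_gssapi_userok(char *user)
+mm_ssh_gssapi_userok(char *user, struct passwd *pw, int kex)
 {
 struct sshbuf *m;
 int r, authenticated = 0;
 
 if ((m = sshbuf_new()) == NULL)
 fatal("%s: sshbuf_new failed", __func__);
+if ((r = sshbuf_put_u32(m, kex)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
 mm_request_receive_expect(pmonitor->m_recvfd,
@@ -997,4 +999,57 @@ mm_ssh_gssapi_userok(char *user)
 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
 return (authenticated);
 }
+
+OM_uint32
+mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
+{
+struct sshbuf *m;
+OM_uint32 major;
+int r;
+
+if ((m = sshbuf_new()) == NULL)
+fatal("%s: sshbuf_new failed", __func__);
+if ((r = sshbuf_put_string(m, data->value, data->length)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, m);
+
+if ((r = sshbuf_get_u32(m, &major)) != 0 ||
+(r = ssh_gssapi_get_buffer_desc(m, hash)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+sshbuf_free(m);
+
+return (major);
+}
+
+int
+mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
+{
+struct sshbuf *m;
+int r, ok;
+
+if ((m = sshbuf_new()) == NULL)
+fatal("%s: sshbuf_new failed", __func__);
+
+if ((r = sshbuf_put_cstring(m,
+store->filename ? store->filename : "")) != 0 ||
+(r = sshbuf_put_cstring(m,
+store->envvar ? store->envvar : "")) != 0 ||
+(r = sshbuf_put_cstring(m,
+store->envval ? store->envval : "")) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, m);
+
+if ((r = sshbuf_get_u32(m, &ok)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+sshbuf_free(m);
+
+return (ok);
+}
+
 #endif /* GSSAPI */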
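Review bot: In `mm_ssh_gssapi_update_creds`, `ok` is declared `int` but its address is passed to `sshbuf_get_u32()`, which stores through a `u_int32_t *`, so the call has an incompatible pointer type. Declaring `int r;` and `u_int32_t ok;` and ending with `return (ok != 0);` keeps the types honest, assuming the monitor's reply is a 0/1 flag. `mm_ssh_gssapi_sign` likewise relies on `OM_uint32` being the same type as `u_int32_t` when it reads `major`. Both new wrappers forward values held by the unprivileged process (`data`, `store->filename`, `store->envvar`, `store->envval`) across the privilege-separation boundary, with a NULL field sent as `""`. A short comment on each, such as `/* values come from the unprivileged child; the monitor handler must validate them */`, would record that expectation, since the handlers for `MONITOR_REQ_GSSSIGN` and `MONITOR_REQ_GSSUPCREDS` are not part of this file's diff.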