1 files changed, 56 insertions, 1 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 4169b7604..fdca39a6a 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -978,13 +978,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
 }
 int
-mm_ssh_gssapi_userok(char *user)
+mm_ssh_gssapi_userok(char *user, struct passwd *pw, int kex)
 {
        struct sshbuf *m;
        int r, authenticated = 0;
        if ((m = sshbuf_new()) == NULL)
                fatal("%s: sshbuf_new failed", __func__);
+        if ((r = sshbuf_put_u32(m, kex)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
        mm_request_receive_expect(pmonitor->m_recvfd,
@@ -997,4 +999,57 @@ mm_ssh_gssapi_userok(char *user)
        debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
        return (authenticated);
 }
+OM_uint32
+mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
+{
+        struct sshbuf *m;
+        OM_uint32 major;
+        int r;
+        if ((m = sshbuf_new()) == NULL)
+                fatal("%s: sshbuf_new failed", __func__);
+        if ((r = sshbuf_put_string(m, data->value, data->length)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, m);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, m);
+        if ((r = sshbuf_get_u32(m, &major)) != 0 ||
+            (r = ssh_gssapi_get_buffer_desc(m, hash)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        sshbuf_free(m);
+        return (major);
+}
+int
+mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
+{
+        struct sshbuf *m;
+        int r, ok;
+        if ((m = sshbuf_new()) == NULL)
+                fatal("%s: sshbuf_new failed", __func__);
+        if ((r = sshbuf_put_cstring(m,
+            store->filename ? store->filename : "")) != 0 ||
+            (r = sshbuf_put_cstring(m,
+            store->envvar ? store->envvar : "")) != 0 ||
+            (r = sshbuf_put_cstring(m,
+            store->envval ? store->envval : "")) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, m);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, m);
+        if ((r = sshbuf_get_u32(m, &ok)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        sshbuf_free(m);
+        return (ok);
+}
 #endif /* GSSAPI */

diff --git a/monitor_wrap.c b/monitor_wrap.c index 4169b7604..fdca39a6a 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c
@@ -978,13 +978,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
978	}	978	}
979		979
980	int	980	int
981	mm_ssh_gssapi_userok(char *user)	981	mm_ssh_gssapi_userok(char user, struct passwd pw, int kex)
982	{	982	{
983	struct sshbuf *m;	983	struct sshbuf *m;
984	int r, authenticated = 0;	984	int r, authenticated = 0;
985		985
986	if ((m = sshbuf_new()) == NULL)	986	if ((m = sshbuf_new()) == NULL)
987	fatal("%s: sshbuf_new failed", __func__);	987	fatal("%s: sshbuf_new failed", __func__);
		988	if ((r = sshbuf_put_u32(m, kex)) != 0)
		989	fatal("%s: buffer error: %s", __func__, ssh_err(r));
988		990
989	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);	991	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
990	mm_request_receive_expect(pmonitor->m_recvfd,	992	mm_request_receive_expect(pmonitor->m_recvfd,
@@ -997,4 +999,57 @@ mm_ssh_gssapi_userok(char *user)
997	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");	999	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
998	return (authenticated);	1000	return (authenticated);
999	}	1001	}
		1002
		1003	OM_uint32
		1004	mm_ssh_gssapi_sign(Gssctxt ctx, gss_buffer_desc data, gss_buffer_desc *hash)
		1005	{
		1006	struct sshbuf *m;
		1007	OM_uint32 major;
		1008	int r;
		1009
		1010	if ((m = sshbuf_new()) == NULL)
		1011	fatal("%s: sshbuf_new failed", __func__);
		1012	if ((r = sshbuf_put_string(m, data->value, data->length)) != 0)
		1013	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		1014
		1015	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, m);
		1016	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, m);
		1017
		1018	if ((r = sshbuf_get_u32(m, &major)) != 0 \|\|
		1019	(r = ssh_gssapi_get_buffer_desc(m, hash)) != 0)
		1020	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		1021
		1022	sshbuf_free(m);
		1023
		1024	return (major);
		1025	}
		1026
		1027	int
		1028	mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
		1029	{
		1030	struct sshbuf *m;
		1031	int r, ok;
		1032
		1033	if ((m = sshbuf_new()) == NULL)
		1034	fatal("%s: sshbuf_new failed", __func__);
		1035
		1036	if ((r = sshbuf_put_cstring(m,
		1037	store->filename ? store->filename : "")) != 0 \|\|
		1038	(r = sshbuf_put_cstring(m,
		1039	store->envvar ? store->envvar : "")) != 0 \|\|
		1040	(r = sshbuf_put_cstring(m,
		1041	store->envval ? store->envval : "")) != 0)
		1042	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		1043
		1044	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, m);
		1045	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, m);
		1046
		1047	if ((r = sshbuf_get_u32(m, &ok)) != 0)
		1048	fatal("%s: buffer error: %s", __func__, ssh_err(r));
		1049
		1050	sshbuf_free(m);
		1051
		1052	return (ok);
		1053	}
		1054
1000	#endif /* GSSAPI */	1055	#endif /* GSSAPI */