diff options
author | Damien Miller <djm@mindrot.org> | 2002-09-27 13:25:58 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-09-27 13:25:58 +1000 |
commit | d94e549ea8c622c8a75023b649a5d4c051aacf7f (patch) | |
tree | 84b39347f655ba0e33b7a9b6c3d23011a5befdad /monitor.c | |
parent | d27a76de65d557e36420046e44a014d3190f89cb (diff) |
- markus@cvs.openbsd.org 2002/09/26 11:38:43
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h]
krb4 + privsep; ok dugsong@, deraadt@
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 53 |
1 files changed, 52 insertions, 1 deletions
@@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.28 2002/09/24 08:46:04 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $"); #include <openssl/dh.h> @@ -120,6 +120,9 @@ int mm_answer_sessid(int, Buffer *); int mm_answer_pam_start(int, Buffer *); #endif +#ifdef KRB4 +int mm_answer_krb4(int, Buffer *); +#endif #ifdef KRB5 int mm_answer_krb5(int, Buffer *); #endif @@ -203,6 +206,9 @@ struct mon_table mon_dispatch_proto15[] = { #ifdef USE_PAM {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, #endif +#ifdef KRB4 + {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4}, +#endif #ifdef KRB5 {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, #endif @@ -1285,6 +1291,51 @@ mm_answer_rsa_response(int socket, Buffer *m) return (success); } +#ifdef KRB4 +int +mm_answer_krb4(int socket, Buffer *m) +{ + KTEXT_ST auth, reply; + char *client, *p; + int success; + u_int alen; + + reply.length = auth.length = 0; + + p = buffer_get_string(m, &alen); + if (alen >= MAX_KTXT_LEN) + fatal("%s: auth too large", __func__); + memcpy(auth.dat, p, alen); + auth.length = alen; + memset(p, 0, alen); + xfree(p); + + success = options.kerberos_authentication && + authctxt->valid && + auth_krb4(authctxt, &auth, &client, &reply); + + memset(auth.dat, 0, alen); + buffer_clear(m); + buffer_put_int(m, success); + + if (success) { + buffer_put_cstring(m, client); + buffer_put_string(m, reply.dat, reply.length); + if (client) + xfree(client); + if (reply.length) + memset(reply.dat, 0, reply.length); + } + + debug3("%s: sending result %d", __func__, success); + mm_request_send(socket, MONITOR_ANS_KRB4, m); + + auth_method = "kerberos"; + + /* Causes monitor loop to terminate if authenticated */ + return (success); +} +#endif #ifdef KRB5 int |