gitweb.dragonflybsd.org Git - dragonfly.git/blame

Commit	Line	Data
36e94dc5	1	/* $OpenBSD: monitor_wrap.c,v 1.80 2014/04/29 18:01:49 markus Exp $ */
16c343f1 PA	2	/*
	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	*
	16	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	17	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	18	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	19	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	20	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	21	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	22	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	23	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	24	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	25	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	26	*/
	27
	28	#include "includes.h"
	29
	30	#include <sys/types.h>
	31	#include <sys/uio.h>
	32
	33	#include <errno.h>
	34	#include <pwd.h>
	35	#include <signal.h>
	36	#include <stdarg.h>
	37	#include <stdio.h>
	38	#include <string.h>
	39	#include <unistd.h>
	40
36e94dc5	41	#ifdef WITH_OPENSSL
16c343f1 PA	42	#include <openssl/bn.h>
16c343f1 PA	43	#include <openssl/dh.h>
cb5eb4f1	44	#include <openssl/evp.h>
36e94dc5	45	#endif
16c343f1	46
3b69e377	47	#include "openbsd-compat/sys-queue.h"
16c343f1 PA	48	#include "xmalloc.h"
16c343f1 PA	49	#include "ssh.h"
36e94dc5	50	#ifdef WITH_OPENSSL
16c343f1	51	#include "dh.h"
36e94dc5	52	#endif
16c343f1 PA	53	#include "buffer.h"
	54	#include "key.h"
	55	#include "cipher.h"
	56	#include "kex.h"
	57	#include "hostfile.h"
	58	#include "auth.h"
	59	#include "auth-options.h"
	60	#include "packet.h"
	61	#include "mac.h"
	62	#include "log.h"
	63	#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */
	64	#undef TARGET_OS_MAC
	65	#include "zlib.h"
	66	#define TARGET_OS_MAC 1
	67	#else
	68	#include "zlib.h"
	69	#endif
	70	#include "monitor.h"
	71	#ifdef GSSAPI
	72	#include "ssh-gss.h"
	73	#endif
	74	#include "monitor_wrap.h"
	75	#include "atomicio.h"
	76	#include "monitor_fdpass.h"
	77	#include "misc.h"
9f304aaf	78	#include "uuencode.h"
16c343f1 PA	79
	80	#include "channels.h"
	81	#include "session.h"
	82	#include "servconf.h"
40c002af	83	#include "roaming.h"
16c343f1 PA	84
	85	/* Imports */
	86	extern int compat20;
16c343f1 PA	87	extern z_stream incoming_stream;
	88	extern z_stream outgoing_stream;
	89	extern struct monitor *pmonitor;
16c343f1 PA	90	extern Buffer loginmsg;
	91	extern ServerOptions options;
	92
1c188a7f PA	93	void
	94	mm_log_handler(LogLevel level, const char msg, void ctx)
	95	{
	96	Buffer log_msg;
	97	struct monitor mon = (struct monitor )ctx;
	98
	99	if (mon->m_log_sendfd == -1)
	100	fatal("%s: no log channel", __func__);
	101
	102	buffer_init(&log_msg);
	103	/*
	104	* Placeholder for packet length. Will be filled in with the actual
	105	* packet length once the packet has been constucted. This saves
	106	* fragile math.
	107	*/
	108	buffer_put_int(&log_msg, 0);
	109
	110	buffer_put_int(&log_msg, level);
	111	buffer_put_cstring(&log_msg, msg);
	112	put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4);
	113	if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg),
	114	buffer_len(&log_msg)) != buffer_len(&log_msg))
	115	fatal("%s: write: %s", __func__, strerror(errno));
	116	buffer_free(&log_msg);
	117	}
	118
16c343f1 PA	119	int
	120	mm_is_monitor(void)
	121	{
	122	/*
	123	* m_pid is only set in the privileged part, and
	124	* points to the unprivileged child.
	125	*/
	126	return (pmonitor && pmonitor->m_pid > 0);
	127	}
	128
	129	void
	130	mm_request_send(int sock, enum monitor_reqtype type, Buffer *m)
	131	{
	132	u_int mlen = buffer_len(m);
	133	u_char buf[5];
	134
	135	debug3("%s entering: type %d", __func__, type);
	136
	137	put_u32(buf, mlen + 1);
	138	buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
	139	if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
	140	fatal("%s: write: %s", __func__, strerror(errno));
	141	if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen)
	142	fatal("%s: write: %s", __func__, strerror(errno));
	143	}
	144
	145	void
	146	mm_request_receive(int sock, Buffer *m)
	147	{
	148	u_char buf[4];
	149	u_int msg_len;
	150
	151	debug3("%s entering", __func__);
	152
	153	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
	154	if (errno == EPIPE)
	155	cleanup_exit(255);
	156	fatal("%s: read: %s", __func__, strerror(errno));
	157	}
	158	msg_len = get_u32(buf);
	159	if (msg_len > 256 * 1024)
	160	fatal("%s: read: bad msg_len %d", __func__, msg_len);
	161	buffer_clear(m);
	162	buffer_append_space(m, msg_len);
	163	if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len)
	164	fatal("%s: read: %s", __func__, strerror(errno));
	165	}
	166
	167	void
	168	mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m)
	169	{
	170	u_char rtype;
	171
	172	debug3("%s entering: type %d", __func__, type);
	173
	174	mm_request_receive(sock, m);
	175	rtype = buffer_get_char(m);
	176	if (rtype != type)
	177	fatal("%s: read: rtype %d != type %d", __func__,
	178	rtype, type);
	179	}
	180
36e94dc5	181	#ifdef WITH_OPENSSL
16c343f1 PA	182	DH *
	183	mm_choose_dh(int min, int nbits, int max)
	184	{
	185	BIGNUM p, g;
	186	int success = 0;
	187	Buffer m;
	188
	189	buffer_init(&m);
	190	buffer_put_int(&m, min);
	191	buffer_put_int(&m, nbits);
	192	buffer_put_int(&m, max);
	193
	194	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
	195
	196	debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
	197	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
	198
	199	success = buffer_get_char(&m);
	200	if (success == 0)
	201	fatal("%s: MONITOR_ANS_MODULI failed", __func__);
	202
	203	if ((p = BN_new()) == NULL)
	204	fatal("%s: BN_new failed", __func__);
	205	if ((g = BN_new()) == NULL)
	206	fatal("%s: BN_new failed", __func__);
	207	buffer_get_bignum2(&m, p);
	208	buffer_get_bignum2(&m, g);
	209
	210	debug3("%s: remaining %d", __func__, buffer_len(&m));
	211	buffer_free(&m);
	212
	213	return (dh_new_group(g, p));
	214	}
36e94dc5	215	#endif
16c343f1 PA	216
	217	int
	218	mm_key_sign(Key key, u_char sigp, u_int lenp, u_char *data, u_int datalen)
	219	{
	220	Kex kex = pmonitor->m_pkex;
	221	Buffer m;
	222
	223	debug3("%s entering", __func__);
	224
	225	buffer_init(&m);
	226	buffer_put_int(&m, kex->host_key_index(key));
	227	buffer_put_string(&m, data, datalen);
	228
	229	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
	230
	231	debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
	232	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
	233	*sigp = buffer_get_string(&m, lenp);
	234	buffer_free(&m);
	235
	236	return (0);
	237	}
	238
	239	struct passwd *
	240	mm_getpwnamallow(const char *username)
	241	{
	242	Buffer m;
	243	struct passwd *pw;
1c188a7f	244	u_int len, i;
16c343f1 PA	245	ServerOptions *newopts;
	246
	247	debug3("%s entering", __func__);
	248
	249	buffer_init(&m);
	250	buffer_put_cstring(&m, username);
	251
	252	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
	253
	254	debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
	255	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
	256
	257	if (buffer_get_char(&m) == 0) {
	258	pw = NULL;
	259	goto out;
	260	}
	261	pw = buffer_get_string(&m, &len);
	262	if (len != sizeof(struct passwd))
	263	fatal("%s: struct passwd size mismatch", __func__);
	264	pw->pw_name = buffer_get_string(&m, NULL);
	265	pw->pw_passwd = buffer_get_string(&m, NULL);
36e94dc5	266	#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
16c343f1	267	pw->pw_gecos = buffer_get_string(&m, NULL);
36e94dc5 PA	268	#endif
36e94dc5 PA	269	#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
16c343f1 PA	270	pw->pw_class = buffer_get_string(&m, NULL);
	271	#endif
	272	pw->pw_dir = buffer_get_string(&m, NULL);
	273	pw->pw_shell = buffer_get_string(&m, NULL);
	274
	275	out:
	276	/* copy options block as a Match directive may have changed some */
	277	newopts = buffer_get_string(&m, &len);
	278	if (len != sizeof(*newopts))
	279	fatal("%s: option block size mismatch", __func__);
1c188a7f PA	280
	281	#define M_CP_STROPT(x) do { \
	282	if (newopts->x != NULL) \
	283	newopts->x = buffer_get_string(&m, NULL); \
	284	} while (0)
	285	#define M_CP_STRARRAYOPT(x, nx) do { \
	286	for (i = 0; i < newopts->nx; i++) \
	287	newopts->x[i] = buffer_get_string(&m, NULL); \
	288	} while (0)
	289	/* See comment in servconf.h */
	290	COPY_MATCH_STRING_OPTS();
	291	#undef M_CP_STROPT
	292	#undef M_CP_STRARRAYOPT
	293
16c343f1	294	copy_set_server_options(&options, newopts, 1);
36e94dc5	295	free(newopts);
16c343f1 PA	296
	297	buffer_free(&m);
	298
	299	return (pw);
	300	}
	301
	302	char *
	303	mm_auth2_read_banner(void)
	304	{
	305	Buffer m;
	306	char *banner;
	307
	308	debug3("%s entering", __func__);
	309
	310	buffer_init(&m);
	311	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
	312	buffer_clear(&m);
	313
	314	mm_request_receive_expect(pmonitor->m_recvfd,
	315	MONITOR_ANS_AUTH2_READ_BANNER, &m);
	316	banner = buffer_get_string(&m, NULL);
	317	buffer_free(&m);
	318
	319	/* treat empty banner as missing banner */
	320	if (strlen(banner) == 0) {
36e94dc5	321	free(banner);
16c343f1 PA	322	banner = NULL;
	323	}
	324	return (banner);
	325	}
	326
	327	/* Inform the privileged process about service and style */
	328
	329	void
	330	mm_inform_authserv(char service, char style)
	331	{
	332	Buffer m;
	333
	334	debug3("%s entering", __func__);
	335
	336	buffer_init(&m);
	337	buffer_put_cstring(&m, service);
	338	buffer_put_cstring(&m, style ? style : "");
	339
	340	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
	341
	342	buffer_free(&m);
	343	}
	344
	345	/* Do the password authentication */
	346	int
	347	mm_auth_password(Authctxt authctxt, char password)
	348	{
	349	Buffer m;
	350	int authenticated = 0;
	351
	352	debug3("%s entering", __func__);
	353
	354	buffer_init(&m);
	355	buffer_put_cstring(&m, password);
	356	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
	357
	358	debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
	359	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
	360
	361	authenticated = buffer_get_int(&m);
	362
	363	buffer_free(&m);
	364
	365	debug3("%s: user %sauthenticated",
	366	__func__, authenticated ? "" : "not ");
	367	return (authenticated);
	368	}
	369
	370	int
	371	mm_user_key_allowed(struct passwd pw, Key key)
	372	{
	373	return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
	374	}
	375
	376	int
	377	mm_hostbased_key_allowed(struct passwd pw, char user, char *host,
	378	Key *key)
	379	{
	380	return (mm_key_allowed(MM_HOSTKEY, user, host, key));
	381	}
	382
	383	int
	384	mm_auth_rhosts_rsa_key_allowed(struct passwd pw, char user,
	385	char host, Key key)
386	{
387	int ret;
388
389	key->type = KEY_RSA; /* XXX hack for key_to_blob */
390	ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key);
391	key->type = KEY_RSA1;
392	return (ret);
393	}
394
16c343f1 PA	395	int
	396	mm_key_allowed(enum mm_keytype type, char user, char host, Key *key)
	397	{
	398	Buffer m;
	399	u_char *blob;
	400	u_int len;
	401	int allowed = 0, have_forced = 0;
	402
	403	debug3("%s entering", __func__);
	404
	405	/* Convert the key to a blob and the pass it over */
	406	if (!key_to_blob(key, &blob, &len))
	407	return (0);
	408
	409	buffer_init(&m);
	410	buffer_put_int(&m, type);
	411	buffer_put_cstring(&m, user ? user : "");
	412	buffer_put_cstring(&m, host ? host : "");
	413	buffer_put_string(&m, blob, len);
36e94dc5	414	free(blob);
16c343f1 PA	415
	416	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
	417
	418	debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
	419	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
	420
	421	allowed = buffer_get_int(&m);
	422
	423	/* fake forced command */
	424	auth_clear_options();
	425	have_forced = buffer_get_int(&m);
	426	forced_command = have_forced ? xstrdup("true") : NULL;
	427
16c343f1 PA	428	buffer_free(&m);
	429
	430	return (allowed);
	431	}
	432
	433	/*
	434	* This key verify needs to send the key type along, because the
	435	* privileged parent makes the decision if the key is allowed
	436	* for authentication.
	437	*/
	438
	439	int
	440	mm_key_verify(Key key, u_char sig, u_int siglen, u_char *data, u_int datalen)
	441	{
	442	Buffer m;
	443	u_char *blob;
	444	u_int len;
	445	int verified = 0;
	446
	447	debug3("%s entering", __func__);
	448
	449	/* Convert the key to a blob and the pass it over */
	450	if (!key_to_blob(key, &blob, &len))
	451	return (0);
	452
	453	buffer_init(&m);
	454	buffer_put_string(&m, blob, len);
	455	buffer_put_string(&m, sig, siglen);
	456	buffer_put_string(&m, data, datalen);
36e94dc5	457	free(blob);
16c343f1 PA	458
	459	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
	460
	461	debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
	462	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
	463
	464	verified = buffer_get_int(&m);
	465
	466	buffer_free(&m);
	467
	468	return (verified);
	469	}
	470
	471	/* Export key state after authentication */
	472	Newkeys *
	473	mm_newkeys_from_blob(u_char *blob, int blen)
	474	{
	475	Buffer b;
	476	u_int len;
	477	Newkeys *newkey = NULL;
	478	Enc *enc;
	479	Mac *mac;
	480	Comp *comp;
	481
	482	debug3("%s: %p(%d)", __func__, blob, blen);
	483	#ifdef DEBUG_PK
	484	dump_base64(stderr, blob, blen);
	485	#endif
	486	buffer_init(&b);
	487	buffer_append(&b, blob, blen);
	488
36e94dc5	489	newkey = xcalloc(1, sizeof(*newkey));
16c343f1 PA	490	enc = &newkey->enc;
	491	mac = &newkey->mac;
	492	comp = &newkey->comp;
	493
	494	/* Enc structure */
	495	enc->name = buffer_get_string(&b, NULL);
	496	buffer_get(&b, &enc->cipher, sizeof(enc->cipher));
	497	enc->enabled = buffer_get_int(&b);
	498	enc->block_size = buffer_get_int(&b);
	499	enc->key = buffer_get_string(&b, &enc->key_len);
36e94dc5	500	enc->iv = buffer_get_string(&b, &enc->iv_len);
16c343f1 PA	501
	502	if (enc->name == NULL \|\| cipher_by_name(enc->name) != enc->cipher)
	503	fatal("%s: bad cipher name %s or pointer %p", __func__,
	504	enc->name, enc->cipher);
	505
	506	/* Mac structure */
36e94dc5 PA	507	if (cipher_authlen(enc->cipher) == 0) {
	508	mac->name = buffer_get_string(&b, NULL);
	509	if (mac->name == NULL \|\| mac_setup(mac, mac->name) == -1)
	510	fatal("%s: can not setup mac %s", __func__, mac->name);
	511	mac->enabled = buffer_get_int(&b);
	512	mac->key = buffer_get_string(&b, &len);
	513	if (len > mac->key_len)
	514	fatal("%s: bad mac key length: %u > %d", __func__, len,
	515	mac->key_len);
	516	mac->key_len = len;
	517	}
16c343f1 PA	518
	519	/* Comp structure */
	520	comp->type = buffer_get_int(&b);
	521	comp->enabled = buffer_get_int(&b);
	522	comp->name = buffer_get_string(&b, NULL);
	523
	524	len = buffer_len(&b);
	525	if (len != 0)
	526	error("newkeys_from_blob: remaining bytes in blob %u", len);
	527	buffer_free(&b);
	528	return (newkey);
	529	}
	530
	531	int
	532	mm_newkeys_to_blob(int mode, u_char *blobp, u_int lenp)
	533	{
	534	Buffer b;
	535	int len;
	536	Enc *enc;
	537	Mac *mac;
	538	Comp *comp;
40c002af	539	Newkeys newkey = (Newkeys )packet_get_newkeys(mode);
16c343f1 PA	540
	541	debug3("%s: converting %p", __func__, newkey);
	542
	543	if (newkey == NULL) {
	544	error("%s: newkey == NULL", __func__);
	545	return 0;
	546	}
	547	enc = &newkey->enc;
	548	mac = &newkey->mac;
	549	comp = &newkey->comp;
	550
	551	buffer_init(&b);
	552	/* Enc structure */
	553	buffer_put_cstring(&b, enc->name);
	554	/* The cipher struct is constant and shared, you export pointer */
	555	buffer_append(&b, &enc->cipher, sizeof(enc->cipher));
	556	buffer_put_int(&b, enc->enabled);
	557	buffer_put_int(&b, enc->block_size);
	558	buffer_put_string(&b, enc->key, enc->key_len);
36e94dc5 PA	559	packet_get_keyiv(mode, enc->iv, enc->iv_len);
36e94dc5 PA	560	buffer_put_string(&b, enc->iv, enc->iv_len);
16c343f1 PA	561
16c343f1 PA	562	/* Mac structure */
36e94dc5 PA	563	if (cipher_authlen(enc->cipher) == 0) {
	564	buffer_put_cstring(&b, mac->name);
	565	buffer_put_int(&b, mac->enabled);
	566	buffer_put_string(&b, mac->key, mac->key_len);
	567	}
16c343f1 PA	568
	569	/* Comp structure */
	570	buffer_put_int(&b, comp->type);
	571	buffer_put_int(&b, comp->enabled);
	572	buffer_put_cstring(&b, comp->name);
	573
	574	len = buffer_len(&b);
	575	if (lenp != NULL)
	576	*lenp = len;
	577	if (blobp != NULL) {
	578	*blobp = xmalloc(len);
	579	memcpy(*blobp, buffer_ptr(&b), len);
	580	}
36e94dc5	581	explicit_bzero(buffer_ptr(&b), len);
16c343f1 PA	582	buffer_free(&b);
	583	return len;
	584	}
	585
	586	static void
	587	mm_send_kex(Buffer m, Kex kex)
	588	{
	589	buffer_put_string(m, kex->session_id, kex->session_id_len);
	590	buffer_put_int(m, kex->we_need);
	591	buffer_put_int(m, kex->hostkey_type);
	592	buffer_put_int(m, kex->kex_type);
	593	buffer_put_string(m, buffer_ptr(&kex->my), buffer_len(&kex->my));
	594	buffer_put_string(m, buffer_ptr(&kex->peer), buffer_len(&kex->peer));
	595	buffer_put_int(m, kex->flags);
	596	buffer_put_cstring(m, kex->client_version_string);
	597	buffer_put_cstring(m, kex->server_version_string);
	598	}
	599
	600	void
	601	mm_send_keystate(struct monitor *monitor)
	602	{
40c002af	603	Buffer m, input, output;
16c343f1 PA	604	u_char blob, p;
	605	u_int bloblen, plen;
	606	u_int32_t seqnr, packets;
3b69e377	607	u_int64_t blocks, bytes;
16c343f1 PA	608
	609	buffer_init(&m);
	610
	611	if (!compat20) {
	612	u_char iv[24];
	613	u_char *key;
	614	u_int ivlen, keylen;
	615
	616	buffer_put_int(&m, packet_get_protocol_flags());
	617
	618	buffer_put_int(&m, packet_get_ssh1_cipher());
	619
	620	debug3("%s: Sending ssh1 KEY+IV", __func__);
	621	keylen = packet_get_encryption_key(NULL);
	622	key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
	623	keylen = packet_get_encryption_key(key);
	624	buffer_put_string(&m, key, keylen);
36e94dc5 PA	625	explicit_bzero(key, keylen);
36e94dc5 PA	626	free(key);
16c343f1 PA	627
	628	ivlen = packet_get_keyiv_len(MODE_OUT);
	629	packet_get_keyiv(MODE_OUT, iv, ivlen);
	630	buffer_put_string(&m, iv, ivlen);
36e94dc5	631	ivlen = packet_get_keyiv_len(MODE_IN);
16c343f1 PA	632	packet_get_keyiv(MODE_IN, iv, ivlen);
	633	buffer_put_string(&m, iv, ivlen);
	634	goto skip;
	635	} else {
	636	/* Kex for rekeying */
	637	mm_send_kex(&m, *monitor->m_pkex);
	638	}
	639
	640	debug3("%s: Sending new keys: %p %p",
40c002af PA	641	__func__, packet_get_newkeys(MODE_OUT),
40c002af PA	642	packet_get_newkeys(MODE_IN));
16c343f1 PA	643
	644	/* Keys from Kex */
	645	if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
	646	fatal("%s: conversion of newkeys failed", __func__);
	647
	648	buffer_put_string(&m, blob, bloblen);
36e94dc5	649	free(blob);
16c343f1 PA	650
	651	if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
	652	fatal("%s: conversion of newkeys failed", __func__);
	653
	654	buffer_put_string(&m, blob, bloblen);
36e94dc5	655	free(blob);
16c343f1	656
3b69e377	657	packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
16c343f1 PA	658	buffer_put_int(&m, seqnr);
	659	buffer_put_int64(&m, blocks);
	660	buffer_put_int(&m, packets);
3b69e377 PA	661	buffer_put_int64(&m, bytes);
3b69e377 PA	662	packet_get_state(MODE_IN, &seqnr, &blocks, &packets, &bytes);
16c343f1 PA	663	buffer_put_int(&m, seqnr);
	664	buffer_put_int64(&m, blocks);
	665	buffer_put_int(&m, packets);
3b69e377	666	buffer_put_int64(&m, bytes);
16c343f1 PA	667
	668	debug3("%s: New keys have been sent", __func__);
	669	skip:
	670	/* More key context */
	671	plen = packet_get_keycontext(MODE_OUT, NULL);
	672	p = xmalloc(plen+1);
	673	packet_get_keycontext(MODE_OUT, p);
	674	buffer_put_string(&m, p, plen);
36e94dc5	675	free(p);
16c343f1 PA	676
	677	plen = packet_get_keycontext(MODE_IN, NULL);
	678	p = xmalloc(plen+1);
	679	packet_get_keycontext(MODE_IN, p);
	680	buffer_put_string(&m, p, plen);
36e94dc5	681	free(p);
16c343f1 PA	682
	683	/* Compression state */
	684	debug3("%s: Sending compression state", __func__);
	685	buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
	686	buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
	687
	688	/* Network I/O buffers */
40c002af PA	689	input = (Buffer *)packet_get_input();
	690	output = (Buffer *)packet_get_output();
	691	buffer_put_string(&m, buffer_ptr(input), buffer_len(input));
	692	buffer_put_string(&m, buffer_ptr(output), buffer_len(output));
	693
	694	/* Roaming */
	695	if (compat20) {
	696	buffer_put_int64(&m, get_sent_bytes());
	697	buffer_put_int64(&m, get_recv_bytes());
	698	}
16c343f1 PA	699
	700	mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
	701	debug3("%s: Finished sending state", __func__);
	702
	703	buffer_free(&m);
	704	}
	705
	706	int
	707	mm_pty_allocate(int ptyfd, int ttyfd, char *namebuf, size_t namebuflen)
	708	{
	709	Buffer m;
	710	char p, msg;
3b69e377 PA	711	int success = 0, tmp1 = -1, tmp2 = -1;
	712
	713	/* Kludge: ensure there are fds free to receive the pty/tty */
	714	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 \|\|
	715	(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
	716	error("%s: cannot allocate fds for pty", __func__);
	717	if (tmp1 > 0)
	718	close(tmp1);
	719	if (tmp2 > 0)
	720	close(tmp2);
	721	return 0;
	722	}
	723	close(tmp1);
	724	close(tmp2);
16c343f1 PA	725
	726	buffer_init(&m);
	727	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
	728
	729	debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
	730	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
	731
	732	success = buffer_get_int(&m);
	733	if (success == 0) {
	734	debug3("%s: pty alloc failed", __func__);
	735	buffer_free(&m);
	736	return (0);
	737	}
	738	p = buffer_get_string(&m, NULL);
	739	msg = buffer_get_string(&m, NULL);
	740	buffer_free(&m);
	741
	742	strlcpy(namebuf, p, namebuflen); /* Possible truncation */
36e94dc5	743	free(p);
16c343f1 PA	744
16c343f1 PA	745	buffer_append(&loginmsg, msg, strlen(msg));
36e94dc5	746	free(msg);
16c343f1 PA	747
	748	if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 \|\|
	749	(*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
	750	fatal("%s: receive fds failed", __func__);
	751
	752	/* Success */
	753	return (1);
	754	}
	755
	756	void
	757	mm_session_pty_cleanup2(Session *s)
	758	{
	759	Buffer m;
	760
	761	if (s->ttyfd == -1)
	762	return;
	763	buffer_init(&m);
	764	buffer_put_cstring(&m, s->tty);
	765	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
	766	buffer_free(&m);
	767
	768	/* closed dup'ed master */
3b69e377 PA	769	if (s->ptymaster != -1 && close(s->ptymaster) < 0)
	770	error("close(s->ptymaster/%d): %s",
	771	s->ptymaster, strerror(errno));
16c343f1 PA	772
	773	/* unlink pty from session */
	774	s->ttyfd = -1;
	775	}
	776
	777	#ifdef USE_PAM
	778	void
	779	mm_start_pam(Authctxt *authctxt)
	780	{
	781	Buffer m;
	782
	783	debug3("%s entering", __func__);
	784	if (!options.use_pam)
	785	fatal("UsePAM=no, but ended up in %s anyway", __func__);
	786
	787	buffer_init(&m);
	788	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
	789
	790	buffer_free(&m);
	791	}
	792
	793	u_int
	794	mm_do_pam_account(void)
	795	{
	796	Buffer m;
	797	u_int ret;
	798	char *msg;
	799
	800	debug3("%s entering", __func__);
	801	if (!options.use_pam)
	802	fatal("UsePAM=no, but ended up in %s anyway", __func__);
	803
	804	buffer_init(&m);
	805	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
	806
	807	mm_request_receive_expect(pmonitor->m_recvfd,
	808	MONITOR_ANS_PAM_ACCOUNT, &m);
	809	ret = buffer_get_int(&m);
	810	msg = buffer_get_string(&m, NULL);
	811	buffer_append(&loginmsg, msg, strlen(msg));
36e94dc5	812	free(msg);
16c343f1 PA	813
	814	buffer_free(&m);
	815
	816	debug3("%s returning %d", __func__, ret);
	817
	818	return (ret);
	819	}
	820
	821	void *
	822	mm_sshpam_init_ctx(Authctxt *authctxt)
	823	{
	824	Buffer m;
	825	int success;
	826
	827	debug3("%s", __func__);
	828	buffer_init(&m);
	829	buffer_put_cstring(&m, authctxt->user);
	830	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
	831	debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
	832	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
	833	success = buffer_get_int(&m);
	834	if (success == 0) {
	835	debug3("%s: pam_init_ctx failed", __func__);
	836	buffer_free(&m);
	837	return (NULL);
	838	}
	839	buffer_free(&m);
	840	return (authctxt);
	841	}
	842
	843	int
	844	mm_sshpam_query(void ctx, char name, char *info,
	845	u_int num, char prompts, u_int echo_on)
	846	{
	847	Buffer m;
	848	u_int i;
	849	int ret;
	850
	851	debug3("%s", __func__);
	852	buffer_init(&m);
	853	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
	854	debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
	855	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
	856	ret = buffer_get_int(&m);
	857	debug3("%s: pam_query returned %d", __func__, ret);
	858	*name = buffer_get_string(&m, NULL);
	859	*info = buffer_get_string(&m, NULL);
	860	*num = buffer_get_int(&m);
	861	if (*num > PAM_MAX_NUM_MSG)
	862	fatal("%s: recieved %u PAM messages, expected <= %u",
	863	__func__, *num, PAM_MAX_NUM_MSG);
	864	prompts = xcalloc((num + 1), sizeof(char *));
	865	echo_on = xcalloc((num + 1), sizeof(u_int));
	866	for (i = 0; i < *num; ++i) {
	867	(*prompts)[i] = buffer_get_string(&m, NULL);
	868	(*echo_on)[i] = buffer_get_int(&m);
	869	}
	870	buffer_free(&m);
	871	return (ret);
	872	}
	873
	874	int
	875	mm_sshpam_respond(void ctx, u_int num, char *resp)
	876	{
877	Buffer m;
878	u_int i;
879	int ret;
880
881	debug3("%s", __func__);
882	buffer_init(&m);
883	buffer_put_int(&m, num);
884	for (i = 0; i < num; ++i)
885	buffer_put_cstring(&m, resp[i]);
886	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
887	debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
888	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
889	ret = buffer_get_int(&m);
890	debug3("%s: pam_respond returned %d", __func__, ret);
891	buffer_free(&m);
892	return (ret);
893	}
894
895	void
896	mm_sshpam_free_ctx(void *ctxtp)
897	{
898	Buffer m;
899
900	debug3("%s", __func__);
901	buffer_init(&m);
902	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
903	debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
904	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
905	buffer_free(&m);
906	}
907	#endif /* USE_PAM */
908
909	/* Request process termination */
910
911	void
912	mm_terminate(void)
913	{
914	Buffer m;
915
916	buffer_init(&m);
917	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
918	buffer_free(&m);
919	}
920
36e94dc5	921	#ifdef WITH_SSH1
16c343f1 PA	922	int
	923	mm_ssh1_session_key(BIGNUM *num)
	924	{
	925	int rsafail;
	926	Buffer m;
	927
	928	buffer_init(&m);
	929	buffer_put_bignum2(&m, num);
	930	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
	931
	932	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
	933
	934	rsafail = buffer_get_int(&m);
	935	buffer_get_bignum2(&m, num);
	936
	937	buffer_free(&m);
	938
	939	return (rsafail);
	940	}
36e94dc5	941	#endif
16c343f1 PA	942
	943	static void
	944	mm_chall_setup(char name, char infotxt, u_int *numprompts,
	945	char *prompts, u_int echo_on)
	946	{
	947	*name = xstrdup("");
	948	*infotxt = xstrdup("");
	949	*numprompts = 1;
	950	prompts = xcalloc(numprompts, sizeof(char *));
	951	echo_on = xcalloc(numprompts, sizeof(u_int));
	952	(*echo_on)[0] = 0;
	953	}
	954
	955	int
	956	mm_bsdauth_query(void ctx, char name, char *infotxt,
	957	u_int numprompts, char prompts, u_int echo_on)
	958	{
	959	Buffer m;
	960	u_int success;
	961	char *challenge;
	962
	963	debug3("%s: entering", __func__);
	964
	965	buffer_init(&m);
	966	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
	967
	968	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
	969	&m);
	970	success = buffer_get_int(&m);
	971	if (success == 0) {
	972	debug3("%s: no challenge", __func__);
	973	buffer_free(&m);
	974	return (-1);
	975	}
	976
	977	/* Get the challenge, and format the response */
	978	challenge = buffer_get_string(&m, NULL);
	979	buffer_free(&m);
	980
	981	mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
	982	(*prompts)[0] = challenge;
	983
	984	debug3("%s: received challenge: %s", __func__, challenge);
	985
	986	return (0);
	987	}
	988
	989	int
	990	mm_bsdauth_respond(void ctx, u_int numresponses, char *responses)
	991	{
	992	Buffer m;
	993	int authok;
	994
	995	debug3("%s: entering", __func__);
	996	if (numresponses != 1)
	997	return (-1);
	998
	999	buffer_init(&m);
	1000	buffer_put_cstring(&m, responses[0]);
	1001	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
	1002
	1003	mm_request_receive_expect(pmonitor->m_recvfd,
	1004	MONITOR_ANS_BSDAUTHRESPOND, &m);
	1005
1006	authok = buffer_get_int(&m);
1007	buffer_free(&m);
1008
1009	return ((authok == 0) ? -1 : 0);
1010	}
1011
1012	#ifdef SKEY
1013	int
1014	mm_skey_query(void ctx, char name, char *infotxt,
1015	u_int numprompts, char prompts, u_int echo_on)
1016	{
1017	Buffer m;
1018	u_int success;
1019	char *challenge;
1020
1021	debug3("%s: entering", __func__);
1022
1023	buffer_init(&m);
1024	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
1025
1026	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
1027	&m);
1028	success = buffer_get_int(&m);
1029	if (success == 0) {
1030	debug3("%s: no challenge", __func__);
1031	buffer_free(&m);
1032	return (-1);
1033	}
1034
1035	/* Get the challenge, and format the response */
1036	challenge = buffer_get_string(&m, NULL);
1037	buffer_free(&m);
1038
1039	debug3("%s: received challenge: %s", __func__, challenge);
1040
1041	mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
1042
1043	xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
36e94dc5	1044	free(challenge);
16c343f1 PA	1045
	1046	return (0);
	1047	}
	1048
	1049	int
	1050	mm_skey_respond(void ctx, u_int numresponses, char *responses)
	1051	{
	1052	Buffer m;
	1053	int authok;
	1054
	1055	debug3("%s: entering", __func__);
	1056	if (numresponses != 1)
	1057	return (-1);
	1058
	1059	buffer_init(&m);
	1060	buffer_put_cstring(&m, responses[0]);
	1061	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
	1062
	1063	mm_request_receive_expect(pmonitor->m_recvfd,
	1064	MONITOR_ANS_SKEYRESPOND, &m);
	1065
	1066	authok = buffer_get_int(&m);
	1067	buffer_free(&m);
	1068
	1069	return ((authok == 0) ? -1 : 0);
	1070	}
	1071	#endif /* SKEY */
	1072
	1073	void
	1074	mm_ssh1_session_id(u_char session_id[16])
	1075	{
	1076	Buffer m;
	1077	int i;
	1078
	1079	debug3("%s entering", __func__);
	1080
	1081	buffer_init(&m);
	1082	for (i = 0; i < 16; i++)
	1083	buffer_put_char(&m, session_id[i]);
	1084
	1085	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
	1086	buffer_free(&m);
	1087	}
	1088
36e94dc5	1089	#ifdef WITH_SSH1
16c343f1 PA	1090	int
	1091	mm_auth_rsa_key_allowed(struct passwd pw, BIGNUM client_n, Key **rkey)
	1092	{
	1093	Buffer m;
	1094	Key *key;
	1095	u_char *blob;
	1096	u_int blen;
	1097	int allowed = 0, have_forced = 0;
	1098
	1099	debug3("%s entering", __func__);
	1100
	1101	buffer_init(&m);
	1102	buffer_put_bignum2(&m, client_n);
	1103
	1104	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
	1105	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
	1106
	1107	allowed = buffer_get_int(&m);
	1108
	1109	/* fake forced command */
	1110	auth_clear_options();
	1111	have_forced = buffer_get_int(&m);
	1112	forced_command = have_forced ? xstrdup("true") : NULL;
	1113
	1114	if (allowed && rkey != NULL) {
	1115	blob = buffer_get_string(&m, &blen);
	1116	if ((key = key_from_blob(blob, blen)) == NULL)
	1117	fatal("%s: key_from_blob failed", __func__);
	1118	*rkey = key;
36e94dc5	1119	free(blob);
16c343f1	1120	}
16c343f1 PA	1121	buffer_free(&m);
	1122
	1123	return (allowed);
	1124	}
	1125
	1126	BIGNUM *
	1127	mm_auth_rsa_generate_challenge(Key *key)
	1128	{
	1129	Buffer m;
	1130	BIGNUM *challenge;
	1131	u_char *blob;
	1132	u_int blen;
	1133
	1134	debug3("%s entering", __func__);
	1135
	1136	if ((challenge = BN_new()) == NULL)
	1137	fatal("%s: BN_new failed", __func__);
	1138
	1139	key->type = KEY_RSA; /* XXX cheat for key_to_blob */
	1140	if (key_to_blob(key, &blob, &blen) == 0)
	1141	fatal("%s: key_to_blob failed", __func__);
	1142	key->type = KEY_RSA1;
	1143
	1144	buffer_init(&m);
	1145	buffer_put_string(&m, blob, blen);
36e94dc5	1146	free(blob);
16c343f1 PA	1147
	1148	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
	1149	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
	1150
	1151	buffer_get_bignum2(&m, challenge);
	1152	buffer_free(&m);
	1153
	1154	return (challenge);
	1155	}
	1156
	1157	int
	1158	mm_auth_rsa_verify_response(Key key, BIGNUM p, u_char response[16])
	1159	{
	1160	Buffer m;
	1161	u_char *blob;
	1162	u_int blen;
	1163	int success = 0;
	1164
	1165	debug3("%s entering", __func__);
	1166
	1167	key->type = KEY_RSA; /* XXX cheat for key_to_blob */
	1168	if (key_to_blob(key, &blob, &blen) == 0)
	1169	fatal("%s: key_to_blob failed", __func__);
	1170	key->type = KEY_RSA1;
	1171
	1172	buffer_init(&m);
	1173	buffer_put_string(&m, blob, blen);
	1174	buffer_put_string(&m, response, 16);
36e94dc5	1175	free(blob);
16c343f1 PA	1176
	1177	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
	1178	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
	1179
	1180	success = buffer_get_int(&m);
	1181	buffer_free(&m);
	1182
	1183	return (success);
	1184	}
36e94dc5	1185	#endif
16c343f1 PA	1186
	1187	#ifdef SSH_AUDIT_EVENTS
	1188	void
	1189	mm_audit_event(ssh_audit_event_t event)
	1190	{
	1191	Buffer m;
	1192
	1193	debug3("%s entering", __func__);
	1194
	1195	buffer_init(&m);
	1196	buffer_put_int(&m, event);
	1197
	1198	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m);
	1199	buffer_free(&m);
	1200	}
	1201
	1202	void
	1203	mm_audit_run_command(const char *command)
	1204	{
	1205	Buffer m;
	1206
	1207	debug3("%s entering command %s", __func__, command);
	1208
	1209	buffer_init(&m);
	1210	buffer_put_cstring(&m, command);
	1211
	1212	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
	1213	buffer_free(&m);
	1214	}
	1215	#endif /* SSH_AUDIT_EVENTS */
	1216
	1217	#ifdef GSSAPI
	1218	OM_uint32
	1219	mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
	1220	{
	1221	Buffer m;
	1222	OM_uint32 major;
	1223
	1224	/* Client doesn't get to see the context */
	1225	*ctx = NULL;
	1226
	1227	buffer_init(&m);
	1228	buffer_put_string(&m, goid->elements, goid->length);
	1229
	1230	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
	1231	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
	1232
	1233	major = buffer_get_int(&m);
	1234
	1235	buffer_free(&m);
	1236	return (major);
	1237	}
	1238
	1239	OM_uint32
	1240	mm_ssh_gssapi_accept_ctx(Gssctxt ctx, gss_buffer_desc in,
	1241	gss_buffer_desc out, OM_uint32 flags)
	1242	{
	1243	Buffer m;
	1244	OM_uint32 major;
	1245	u_int len;
	1246
	1247	buffer_init(&m);
	1248	buffer_put_string(&m, in->value, in->length);
	1249
1250	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
1251	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
1252
1253	major = buffer_get_int(&m);
1254	out->value = buffer_get_string(&m, &len);
1255	out->length = len;
1256	if (flags)
1257	*flags = buffer_get_int(&m);
1258
1259	buffer_free(&m);
1260
1261	return (major);
1262	}
1263
1264	OM_uint32
1265	mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
1266	{
1267	Buffer m;
1268	OM_uint32 major;
1269
1270	buffer_init(&m);
1271	buffer_put_string(&m, gssbuf->value, gssbuf->length);
1272	buffer_put_string(&m, gssmic->value, gssmic->length);
1273
1274	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m);
1275	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC,
1276	&m);
1277
1278	major = buffer_get_int(&m);
1279	buffer_free(&m);
1280	return(major);
1281	}
1282
1283	int
1284	mm_ssh_gssapi_userok(char *user)
1285	{
1286	Buffer m;
1287	int authenticated = 0;
1288
1289	buffer_init(&m);
1290
1291	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
1292	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
1293	&m);
1294
1295	authenticated = buffer_get_int(&m);
1296
1297	buffer_free(&m);
1298	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
1299	return (authenticated);
1300	}
1301	#endif /* GSSAPI */
cb5eb4f1	1302