diff options
| author | Damien Miller <djm@mindrot.org> | 2002-04-23 20:28:48 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-04-23 20:28:48 +1000 |
| commit | 7941855f09b067b639d72757ee3b1d5be1925d50 (patch) | |
| tree | 0e94366b3fdd991cae8de9d0ce04a4f374fa12cf /monitor.c | |
| parent | 594a71b9b92af786d34d8d961162374e5e4af72f (diff) | |
- (djm) Make privsep work with PAM (still experimental)
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 34 |
1 files changed, 29 insertions, 5 deletions
| @@ -113,6 +113,10 @@ int mm_answer_rsa_response(int, Buffer *); | |||
| 113 | int mm_answer_sesskey(int, Buffer *); | 113 | int mm_answer_sesskey(int, Buffer *); |
| 114 | int mm_answer_sessid(int, Buffer *); | 114 | int mm_answer_sessid(int, Buffer *); |
| 115 | 115 | ||
| 116 | #ifdef USE_PAM | ||
| 117 | int mm_answer_pam_start(int, Buffer *); | ||
| 118 | #endif | ||
| 119 | |||
| 116 | static Authctxt *authctxt; | 120 | static Authctxt *authctxt; |
| 117 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | 121 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ |
| 118 | 122 | ||
| @@ -143,8 +147,9 @@ struct mon_table mon_dispatch_proto20[] = { | |||
| 143 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, | 147 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, |
| 144 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | 148 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
| 145 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, | 149 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, |
| 146 | #if !defined(USE_PAM) | ||
| 147 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 150 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
| 151 | #ifdef USE_PAM | ||
| 152 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, | ||
| 148 | #endif | 153 | #endif |
| 149 | #ifdef BSD_AUTH | 154 | #ifdef BSD_AUTH |
| 150 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, | 155 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, |
| @@ -172,9 +177,7 @@ struct mon_table mon_dispatch_proto15[] = { | |||
| 172 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | 177 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
| 173 | {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, | 178 | {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, |
| 174 | {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, | 179 | {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, |
| 175 | #if !defined(USE_PAM) | ||
| 176 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 180 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
| 177 | #endif | ||
| 178 | {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed}, | 181 | {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed}, |
| 179 | {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, | 182 | {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, |
| 180 | {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, | 183 | {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, |
| @@ -260,6 +263,10 @@ monitor_child_preauth(struct monitor *monitor) | |||
| 260 | if (authctxt->pw->pw_uid == 0 && | 263 | if (authctxt->pw->pw_uid == 0 && |
| 261 | !auth_root_allowed(auth_method)) | 264 | !auth_root_allowed(auth_method)) |
| 262 | authenticated = 0; | 265 | authenticated = 0; |
| 266 | #ifdef USE_PAM | ||
| 267 | if (!do_pam_account(authctxt->pw->pw_name, NULL)) | ||
| 268 | authenticated = 0; | ||
| 269 | #endif | ||
| 263 | } | 270 | } |
| 264 | 271 | ||
| 265 | if (ent->flags & MON_AUTHDECIDE) { | 272 | if (ent->flags & MON_AUTHDECIDE) { |
| @@ -457,6 +464,9 @@ mm_answer_sign(int socket, Buffer *m) | |||
| 457 | /* Turn on permissions for getpwnam */ | 464 | /* Turn on permissions for getpwnam */ |
| 458 | monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); | 465 | monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); |
| 459 | 466 | ||
| 467 | #ifdef USE_PAM | ||
| 468 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); | ||
| 469 | #endif | ||
| 460 | return (0); | 470 | return (0); |
| 461 | } | 471 | } |
| 462 | 472 | ||
| @@ -537,7 +547,6 @@ mm_answer_authserv(int socket, Buffer *m) | |||
| 537 | return (0); | 547 | return (0); |
| 538 | } | 548 | } |
| 539 | 549 | ||
| 540 | #if !defined(USE_PAM) | ||
| 541 | int | 550 | int |
| 542 | mm_answer_authpassword(int socket, Buffer *m) | 551 | mm_answer_authpassword(int socket, Buffer *m) |
| 543 | { | 552 | { |
| @@ -566,7 +575,6 @@ mm_answer_authpassword(int socket, Buffer *m) | |||
| 566 | /* Causes monitor loop to terminate if authenticated */ | 575 | /* Causes monitor loop to terminate if authenticated */ |
| 567 | return (authenticated); | 576 | return (authenticated); |
| 568 | } | 577 | } |
| 569 | #endif | ||
| 570 | 578 | ||
| 571 | #ifdef BSD_AUTH | 579 | #ifdef BSD_AUTH |
| 572 | int | 580 | int |
| @@ -673,6 +681,22 @@ mm_answer_skeyrespond(int socket, Buffer *m) | |||
| 673 | } | 681 | } |
| 674 | #endif | 682 | #endif |
| 675 | 683 | ||
| 684 | #ifdef USE_PAM | ||
| 685 | int | ||
| 686 | mm_answer_pam_start(int socket, Buffer *m) | ||
| 687 | { | ||
| 688 | char *user; | ||
| 689 | |||
| 690 | user = buffer_get_string(m, NULL); | ||
| 691 | |||
| 692 | start_pam(user); | ||
| 693 | |||
| 694 | xfree(user); | ||
| 695 | |||
| 696 | return (0); | ||
| 697 | } | ||
| 698 | #endif | ||
| 699 | |||
| 676 | static void | 700 | static void |
| 677 | mm_append_debug(Buffer *m) | 701 | mm_append_debug(Buffer *m) |
| 678 | { | 702 | { |