diff options
Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 10 |
1 files changed, 8 insertions, 2 deletions
@@ -134,7 +134,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
134 | { | 134 | { |
135 | Authctxt *authctxt = ctxt; | 135 | Authctxt *authctxt = ctxt; |
136 | Authmethod *m = NULL; | 136 | Authmethod *m = NULL; |
137 | char *user, *service, *method, *style = NULL; | 137 | char *user, *service, *method, *style = NULL, *role = NULL; |
138 | int authenticated = 0; | 138 | int authenticated = 0; |
139 | 139 | ||
140 | if (authctxt == NULL) | 140 | if (authctxt == NULL) |
@@ -146,8 +146,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
146 | debug("userauth-request for user %s service %s method %s", user, service, method); | 146 | debug("userauth-request for user %s service %s method %s", user, service, method); |
147 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); | 147 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); |
148 | 148 | ||
149 | if ((role = strchr(user, '/')) != NULL) | ||
150 | *role++ = 0; | ||
151 | |||
149 | if ((style = strchr(user, ':')) != NULL) | 152 | if ((style = strchr(user, ':')) != NULL) |
150 | *style++ = 0; | 153 | *style++ = 0; |
154 | else if (role && (style = strchr(role, ':')) != NULL) | ||
155 | *style++ = '\0'; | ||
151 | 156 | ||
152 | if (authctxt->attempt++ == 0) { | 157 | if (authctxt->attempt++ == 0) { |
153 | /* setup auth context */ | 158 | /* setup auth context */ |
@@ -175,8 +180,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
175 | use_privsep ? " [net]" : ""); | 180 | use_privsep ? " [net]" : ""); |
176 | authctxt->service = xstrdup(service); | 181 | authctxt->service = xstrdup(service); |
177 | authctxt->style = style ? xstrdup(style) : NULL; | 182 | authctxt->style = style ? xstrdup(style) : NULL; |
183 | authctxt->role = role ? xstrdup(role) : NULL; | ||
178 | if (use_privsep) | 184 | if (use_privsep) |
179 | mm_inform_authserv(service, style); | 185 | mm_inform_authserv(service, style, role); |
180 | } else if (strcmp(user, authctxt->user) != 0 || | 186 | } else if (strcmp(user, authctxt->user) != 0 || |
181 | strcmp(service, authctxt->service) != 0) { | 187 | strcmp(service, authctxt->service) != 0) { |
182 | packet_disconnect("Change of username or service not allowed: " | 188 | packet_disconnect("Change of username or service not allowed: " |