diff options
Diffstat (limited to 'auth2.c')
| -rw-r--r-- | auth2.c | 12 |
1 files changed, 10 insertions, 2 deletions
| @@ -55,6 +55,7 @@ extern Authmethod method_passwd; | |||
| 55 | extern Authmethod method_kbdint; | 55 | extern Authmethod method_kbdint; |
| 56 | extern Authmethod method_hostbased; | 56 | extern Authmethod method_hostbased; |
| 57 | #ifdef GSSAPI | 57 | #ifdef GSSAPI |
| 58 | extern Authmethod method_gsskeyex; | ||
| 58 | extern Authmethod method_gssapi; | 59 | extern Authmethod method_gssapi; |
| 59 | #endif | 60 | #endif |
| 60 | 61 | ||
| @@ -62,6 +63,7 @@ Authmethod *authmethods[] = { | |||
| 62 | &method_none, | 63 | &method_none, |
| 63 | &method_pubkey, | 64 | &method_pubkey, |
| 64 | #ifdef GSSAPI | 65 | #ifdef GSSAPI |
| 66 | &method_gsskeyex, | ||
| 65 | &method_gssapi, | 67 | &method_gssapi, |
| 66 | #endif | 68 | #endif |
| 67 | &method_passwd, | 69 | &method_passwd, |
| @@ -134,7 +136,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
| 134 | { | 136 | { |
| 135 | Authctxt *authctxt = ctxt; | 137 | Authctxt *authctxt = ctxt; |
| 136 | Authmethod *m = NULL; | 138 | Authmethod *m = NULL; |
| 137 | char *user, *service, *method, *style = NULL; | 139 | char *user, *service, *method, *style = NULL, *role = NULL; |
| 138 | int authenticated = 0; | 140 | int authenticated = 0; |
| 139 | 141 | ||
| 140 | if (authctxt == NULL) | 142 | if (authctxt == NULL) |
| @@ -146,8 +148,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
| 146 | debug("userauth-request for user %s service %s method %s", user, service, method); | 148 | debug("userauth-request for user %s service %s method %s", user, service, method); |
| 147 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); | 149 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); |
| 148 | 150 | ||
| 151 | if ((role = strchr(user, '/')) != NULL) | ||
| 152 | *role++ = 0; | ||
| 153 | |||
| 149 | if ((style = strchr(user, ':')) != NULL) | 154 | if ((style = strchr(user, ':')) != NULL) |
| 150 | *style++ = 0; | 155 | *style++ = 0; |
| 156 | else if (role && (style = strchr(role, ':')) != NULL) | ||
| 157 | *style++ = '\0'; | ||
| 151 | 158 | ||
| 152 | if (authctxt->attempt++ == 0) { | 159 | if (authctxt->attempt++ == 0) { |
| 153 | /* setup auth context */ | 160 | /* setup auth context */ |
| @@ -171,8 +178,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
| 171 | use_privsep ? " [net]" : ""); | 178 | use_privsep ? " [net]" : ""); |
| 172 | authctxt->service = xstrdup(service); | 179 | authctxt->service = xstrdup(service); |
| 173 | authctxt->style = style ? xstrdup(style) : NULL; | 180 | authctxt->style = style ? xstrdup(style) : NULL; |
| 181 | authctxt->role = role ? xstrdup(role) : NULL; | ||
| 174 | if (use_privsep) | 182 | if (use_privsep) |
| 175 | mm_inform_authserv(service, style); | 183 | mm_inform_authserv(service, style, role); |
| 176 | } else if (strcmp(user, authctxt->user) != 0 || | 184 | } else if (strcmp(user, authctxt->user) != 0 || |
| 177 | strcmp(service, authctxt->service) != 0) { | 185 | strcmp(service, authctxt->service) != 0) { |
| 178 | packet_disconnect("Change of username or service not allowed: " | 186 | packet_disconnect("Change of username or service not allowed: " |