Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c76
1 files changed, 73 insertions, 3 deletions
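diff --git a/monitor.c b/monitor.c
index d7a782f89..9b08020ca 100644
--- a/monitor.c
+++ b/monitor.c
@@ -97,6 +97,9 @@
 #include "ssh2.h"
 #include "jpake.h"
 #include "roaming.h"
+#ifdef USE_CONSOLEKIT
+#include "consolekit.h"
+#endif
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -145,6 +148,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
@@ -191,6 +195,10 @@ int mm_answer_audit_command(int, Buffer *);
 
 static int monitor_read_log(struct monitor *);
 
+#ifdef USE_CONSOLEKIT
+int mm_answer_consolekit_register(int, Buffer *);
+#endif
+
 static Authctxt *authctxt;
 static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
 
@@ -226,6 +234,7 @@ struct mon_table mon_dispatch_proto20[] = {
  {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
  {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
  {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
  {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
  {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -282,6 +291,9 @@ struct mon_table mon_dispatch_postauth20[] = {
  {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
  {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
  {0, 0, NULL}
 };
 
@@ -324,6 +336,9 @@ struct mon_table mon_dispatch_postauth15[] = {
  {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
  {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
  {0, 0, NULL}
 };
 
@@ -512,6 +527,9 @@ monitor_child_postauth(struct monitor *pmonitor)
  monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
  }
+#ifdef USE_CONSOLEKIT
+ monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1);
+#endif
 
  for (;;)
  monitor_read(pmonitor, mon_dispatch, NULL);
@@ -837,6 +855,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
  else {
  /* Allow service/style information on the auth context */
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
  }
 #ifdef USE_PAM
@@ -869,14 +888,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
  authctxt->service = buffer_get_string(m, NULL);
  authctxt->style = buffer_get_string(m, NULL);
- debug3("%s: service=%s, style=%s",
- __func__, authctxt->service, authctxt->style);
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: service=%s, style=%s, role=%s",
+ __func__, authctxt->service, authctxt->style, authctxt->role);
 
  if (strlen(authctxt->style) == 0) {
  xfree(authctxt->style);
  authctxt->style = NULL;
  }
 
+ if (strlen(authctxt->role) == 0) {
+ xfree(authctxt->role);
+ authctxt->role = NULL;
+ }
+
+ return (0);
+}
+
+int
+mm_answer_authrole(int sock, Buffer *m)
+{
+ monitor_permit_authentications(1);
+
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: role=%s",
+ __func__, authctxt->role);
+
+ if (strlen(authctxt->role) == 0) {
+ xfree(authctxt->role);
+ authctxt->role = NULL;
+ }
+
  return (0);
 }
 
@@ -1471,7 +1513,7 @@ mm_answer_pty(int sock, Buffer *m)
  res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
  if (res == 0)
  goto error;
- pty_setowner(authctxt->pw, s->tty);
+ pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
  buffer_put_int(m, 1);
  buffer_put_cstring(m, s->tty);
@@ -2206,6 +2248,34 @@ mm_answer_gss_sign(int socket, Buffer *m)
  buffer_put_int(m, major);
  buffer_put_string(m, hash.value, hash.length);
 
+#ifdef USE_CONSOLEKIT
+int
+mm_answer_consolekit_register(int sock, Buffer *m)
+{
+ Session *s;
+ char *tty, *display;
+ char *cookie = NULL;
+
+ debug3("%s entering", __func__);
+
+ tty = buffer_get_string(m, NULL);
+ display = buffer_get_string(m, NULL);
+ s = session_by_tty(tty);
+ if (s != NULL)
+ cookie = consolekit_register(s, display);
+ buffer_clear(m);
+ buffer_put_cstring(m, cookie != NULL ? cookie : "");
+ mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m);
+
+ if (cookie != NULL)
+ xfree(cookie);
+ xfree(display);
+ xfree(tty);
+
+ return (0);
+}
+#endif /* USE_CONSOLEKIT */
+
  mm_request_send(socket, MONITOR_ANS_GSSSIGN, m);
 
  gss_release_buffer(&minor, &hash);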
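Review bot: In the last hunk the new `mm_answer_consolekit_register` definition lands between `buffer_put_string(m, hash.value, hash.length);` and `mm_request_send(socket, MONITOR_ANS_GSSSIGN, m);`, i.e. inside the body of `mm_answer_gss_sign`, which looks like a mis-applied merge. The whole `#ifdef USE_CONSOLEKIT … #endif /* USE_CONSOLEKIT */` block should move to file scope after that function's closing brace, which lies outside the hunk. As placed, the handler named in `mon_dispatch_postauth20` and `mon_dispatch_postauth15` is not defined at file scope, and presumably it only exists at all when the surrounding GSSAPI code is compiled. Separately, `tty` and `display` are read from the unprivileged child and `display` goes to `consolekit_register()` unchecked; the callee is not visible here, so confirm it validates the string, and consider a comment such as `/* tty and display come from the unprivileged child: treat as untrusted */` above the two `buffer_get_string` calls.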