Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c37
1 files changed, 33 insertions, 4 deletions
diff --git a/monitor.c b/monitor.c
index 4e574a2ae..c1e7e9b80 100644
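--- a/monitor.c
+++ b/monitor.c
@@ -115,6 +115,7 @@ int mm_answer_sign(int, struct sshbuf *);
 int mm_answer_pwnamallow(int, struct sshbuf *);
 int mm_answer_auth2_read_banner(int, struct sshbuf *);
 int mm_answer_authserv(int, struct sshbuf *);
+int mm_answer_authrole(int, struct sshbuf *);
 int mm_answer_authpassword(int, struct sshbuf *);
 int mm_answer_bsdauthquery(int, struct sshbuf *);
 int mm_answer_bsdauthrespond(int, struct sshbuf *);
@@ -191,6 +192,7 @@ struct mon_table mon_dispatch_proto20[] = {
  {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
  {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
  {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
  {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
  {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -813,6 +815,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
 
  /* Allow service/style information on the auth context */
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 
 #ifdef USE_PAM
@@ -846,16 +849,42 @@ mm_answer_authserv(int sock, struct sshbuf *m)
  monitor_permit_authentications(1);
 
  if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
- (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
+ (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0 ||
+ (r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
  fatal("%s: buffer error: %s", __func__, ssh_err(r));
- debug3("%s: service=%s, style=%s",
- __func__, authctxt->service, authctxt->style);
+ debug3("%s: service=%s, style=%s, role=%s",
+ __func__, authctxt->service, authctxt->style, authctxt->role);
 
  if (strlen(authctxt->style) == 0) {
  free(authctxt->style);
  authctxt->style = NULL;
  }
 
+ if (strlen(authctxt->role) == 0) {
+ free(authctxt->role);
+ authctxt->role = NULL;
+ }
+
+ return (0);
+}
+
+int
+mm_answer_authrole(int sock, struct sshbuf *m)
+{
+ int r;
+
+ monitor_permit_authentications(1);
+
+ if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ debug3("%s: role=%s",
+ __func__, authctxt->role);
+
+ if (strlen(authctxt->role) == 0) {
+ free(authctxt->role);
+ authctxt->role = NULL;
+ }
+
  return (0);
 }
 
@@ -1497,7 +1526,7 @@ mm_answer_pty(int sock, struct sshbuf *m)
  res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
  if (res == 0)
  goto error;
- pty_setowner(authctxt->pw, s->tty);
+ pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
  if ((r = sshbuf_put_u32(m, 1)) != 0 ||
  (r = sshbuf_put_cstring(m, s->tty)) != 0)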
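Review bot: In the `@@ -846,16 +849,42 @@` hunk, the new `mm_answer_authrole` stores into `authctxt->role` without releasing a value that `mm_answer_authserv` may already have placed there; both requests are enabled together in `mm_answer_pwnamallow`, so the earlier string leaks and whichever message arrives last silently decides the role. Adding `free(authctxt->role); authctxt->role = NULL;` before each `sshbuf_get_cstring(m, &authctxt->role, NULL)` would close that. The new handler also calls `monitor_permit_authentications(1);`, which appears to let a role message on its own unlock the authentication requests without `MONITOR_REQ_AUTHSERV` having set the service; unless that is intended, the line should be dropped from `mm_answer_authrole`. The role is handed to `pty_setowner` exactly as received over the monitor socket, so a comment such as `/* role is untrusted here; validated in <callee> */` naming where it is checked would help the next reader. `mm_answer_authserv` and `mm_answer_pty` both begin outside their hunks.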