Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 75 |
1 files changed, 72 insertions, 3 deletions
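--- a/monitor.c
+++ b/monitor.c
@@ -98,6 +98,9 @@
 #include "jpake.h"
 #include "roaming.h"
 #include "authfd.h"
+#ifdef USE_CONSOLEKIT
+#include "consolekit.h"
+#endif
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -146,6 +149,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
@@ -192,6 +196,10 @@ int mm_answer_audit_command(int, Buffer *);
 
 static int monitor_read_log(struct monitor *);
 
+#ifdef USE_CONSOLEKIT
+int mm_answer_consolekit_register(int, Buffer *);
+#endif
+
 static Authctxt *authctxt;
 static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
 
@@ -227,6 +235,7 @@ struct mon_table mon_dispatch_proto20[] = {
 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+{MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -283,6 +292,9 @@ struct mon_table mon_dispatch_postauth20[] = {
 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+{MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
 {0, 0, NULL}
 };
 
@@ -325,6 +337,9 @@ struct mon_table mon_dispatch_postauth15[] = {
 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+{MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
 {0, 0, NULL}
 };
 
@@ -512,6 +527,9 @@ monitor_child_postauth(struct monitor *pmonitor)
 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
 monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
 }
+#ifdef USE_CONSOLEKIT
+monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1);
+#endif
 
 for (;;)
 monitor_read(pmonitor, mon_dispatch, NULL);
@@ -844,6 +862,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
 else {
 /* Allow service/style information on the auth context */
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 }
 #ifdef USE_PAM
@@ -874,14 +893,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
 authctxt->service = buffer_get_string(m, NULL);
 authctxt->style = buffer_get_string(m, NULL);
-debug3("%s: service=%s, style=%s",
-__func__, authctxt->service, authctxt->style);
+authctxt->role = buffer_get_string(m, NULL);
+debug3("%s: service=%s, style=%s, role=%s",
+__func__, authctxt->service, authctxt->style, authctxt->role);
 
 if (strlen(authctxt->style) == 0) {
 free(authctxt->style);
 authctxt->style = NULL;
 }
 
+if (strlen(authctxt->role) == 0) {
+free(authctxt->role);
+authctxt->role = NULL;
+}
+
+return (0);
+}
+
+int
+mm_answer_authrole(int sock, Buffer *m)
+{
+monitor_permit_authentications(1);
+
+authctxt->role = buffer_get_string(m, NULL);
+debug3("%s: role=%s",
+__func__, authctxt->role);
+
+if (strlen(authctxt->role) == 0) {
+free(authctxt->role);
+authctxt->role = NULL;
+}
+
 return (0);
 }
 
@@ -1486,7 +1528,7 @@ mm_answer_pty(int sock, Buffer *m)
 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
 if (res == 0)
 goto error;
-pty_setowner(authctxt->pw, s->tty);
+pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
 buffer_put_int(m, 1);
 buffer_put_cstring(m, s->tty);
@@ -2466,3 +2508,30 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m)
 }
 
 #endif /* JPAKE */
+
+#ifdef USE_CONSOLEKIT
+int
+mm_answer_consolekit_register(int sock, Buffer *m)
+{
+Session *s;
+char *tty, *display;
+char *cookie = NULL;
+
+debug3("%s entering", __func__);
+
+tty = buffer_get_string(m, NULL);
+display = buffer_get_string(m, NULL);
+s = session_by_tty(tty);
+if (s != NULL)
+cookie = consolekit_register(s, display);
+buffer_clear(m);
+buffer_put_cstring(m, cookie != NULL ? cookie : "");
+mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m);
+
+free(cookie);
+free(display);
+free(tty);
+
+return (0);
+}
+#endif /* USE_CONSOLEKIT */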
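Review bot: mm_answer_consolekit_register() takes `tty` and `display` from the unprivileged child and passes `display` to consolekit_register() unchanged; only `tty` is checked, through session_by_tty(). Both postauth tables list the request with flags `0`, and monitor_child_postauth permits it outside the block that gates the PTY requests (that block opens above the hunk), so as far as this diff shows the child can repeat the call with a different display each time. A comment above the buffer reads, such as `/* tty and display come from the unprivileged child; display is not validated here */`, would record the trust boundary, and if one registration per session is intended the handler should refuse a repeat for the same `s`. Whether consolekit_register() validates `display` itself is not visible in this file.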