Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c75
1 files changed, 72 insertions, 3 deletions
diff --git a/monitor.c b/monitor.c
index 9079c9762..9bc4f0b2e 100644
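--- a/monitor.c
+++ b/monitor.c
@@ -98,6 +98,9 @@
 #include "jpake.h"
 #include "roaming.h"
 #include "authfd.h"
+#ifdef USE_CONSOLEKIT
+#include "consolekit.h"
+#endif
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -146,6 +149,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
@@ -192,6 +196,10 @@ int mm_answer_audit_command(int, Buffer *);
 
 static int monitor_read_log(struct monitor *);
 
+#ifdef USE_CONSOLEKIT
+int mm_answer_consolekit_register(int, Buffer *);
+#endif
+
 static Authctxt *authctxt;
 static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
 
@@ -227,6 +235,7 @@ struct mon_table mon_dispatch_proto20[] = {
  {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
  {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
  {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
  {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
  {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -283,6 +292,9 @@ struct mon_table mon_dispatch_postauth20[] = {
  {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
  {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
  {0, 0, NULL}
 };
 
@@ -325,6 +337,9 @@ struct mon_table mon_dispatch_postauth15[] = {
  {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
  {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
  {0, 0, NULL}
 };
 
@@ -512,6 +527,9 @@ monitor_child_postauth(struct monitor *pmonitor)
  monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
  }
+#ifdef USE_CONSOLEKIT
+ monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1);
+#endif
 
  for (;;)
  monitor_read(pmonitor, mon_dispatch, NULL);
@@ -844,6 +862,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
  else {
  /* Allow service/style information on the auth context */
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
  }
 #ifdef USE_PAM
@@ -874,14 +893,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
  authctxt->service = buffer_get_string(m, NULL);
  authctxt->style = buffer_get_string(m, NULL);
- debug3("%s: service=%s, style=%s",
- __func__, authctxt->service, authctxt->style);
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: service=%s, style=%s, role=%s",
+ __func__, authctxt->service, authctxt->style, authctxt->role);
 
  if (strlen(authctxt->style) == 0) {
  free(authctxt->style);
  authctxt->style = NULL;
  }
 
+ if (strlen(authctxt->role) == 0) {
+ free(authctxt->role);
+ authctxt->role = NULL;
+ }
+
+ return (0);
+}
+
+int
+mm_answer_authrole(int sock, Buffer *m)
+{
+ monitor_permit_authentications(1);
+
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: role=%s",
+ __func__, authctxt->role);
+
+ if (strlen(authctxt->role) == 0) {
+ free(authctxt->role);
+ authctxt->role = NULL;
+ }
+
  return (0);
 }
 
@@ -1486,7 +1528,7 @@ mm_answer_pty(int sock, Buffer *m)
  res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
  if (res == 0)
  goto error;
- pty_setowner(authctxt->pw, s->tty);
+ pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
  buffer_put_int(m, 1);
  buffer_put_cstring(m, s->tty);
@@ -2466,3 +2508,30 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m)
 }
 
 #endif /* JPAKE */
+
+#ifdef USE_CONSOLEKIT
+int
+mm_answer_consolekit_register(int sock, Buffer *m)
+{
+ Session *s;
+ char *tty, *display;
+ char *cookie = NULL;
+
+ debug3("%s entering", __func__);
+
+ tty = buffer_get_string(m, NULL);
+ display = buffer_get_string(m, NULL);
+ s = session_by_tty(tty);
+ if (s != NULL)
+ cookie = consolekit_register(s, display);
+ buffer_clear(m);
+ buffer_put_cstring(m, cookie != NULL ? cookie : "");
+ mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m);
+
+ free(cookie);
+ free(display);
+ free(tty);
+
+ return (0);
+}
+#endif /* USE_CONSOLEKIT */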
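Review bot: In `mm_answer_consolekit_register` both `tty` and `display` are read from the message sent by the unprivileged child, and `display` is handed to `consolekit_register()` with no check in this handler; only `tty` is constrained, through the `session_by_tty()` lookup. The request is added to both post-auth dispatch tables with flags `0` and then enabled via `monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1)`, so nothing visible in this file limits how often the child may send it. `consolekit_register()` is not shown here; if it does not validate `display` itself, the monitor should reject unexpected values before the call. Either way I would add a comment above the two `buffer_get_string()` calls, for example `/* tty and display are supplied by the unprivileged child; treat both as untrusted */`.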