Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c32
1 files changed, 29 insertions, 3 deletions
diff --git a/monitor.c b/monitor.c
index 2d46b7b79..985916b1e 100644
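--- a/monitor.c
+++ b/monitor.c
@@ -145,6 +145,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
@@ -225,6 +226,7 @@ struct mon_table mon_dispatch_proto20[] = {
  {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
  {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
  {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
  {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
  {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -810,6 +812,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
  else {
  /* Allow service/style information on the auth context */
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
  }
 #ifdef USE_PAM
@@ -842,14 +845,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
  authctxt->service = buffer_get_string(m, NULL);
  authctxt->style = buffer_get_string(m, NULL);
- debug3("%s: service=%s, style=%s",
- __func__, authctxt->service, authctxt->style);
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: service=%s, style=%s, role=%s",
+ __func__, authctxt->service, authctxt->style, authctxt->role);
 
  if (strlen(authctxt->style) == 0) {
  xfree(authctxt->style);
  authctxt->style = NULL;
  }
 
+ if (strlen(authctxt->role) == 0) {
+ xfree(authctxt->role);
+ authctxt->role = NULL;
+ }
+
+ return (0);
+}
+
+int
+mm_answer_authrole(int sock, Buffer *m)
+{
+ monitor_permit_authentications(1);
+
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: role=%s",
+ __func__, authctxt->role);
+
+ if (strlen(authctxt->role) == 0) {
+ xfree(authctxt->role);
+ authctxt->role = NULL;
+ }
+
  return (0);
 }
 
@@ -1437,7 +1463,7 @@ mm_answer_pty(int sock, Buffer *m)
  res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
  if (res == 0)
  goto error;
- pty_setowner(authctxt->pw, s->tty);
+ pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
  buffer_put_int(m, 1);
  buffer_put_cstring(m, s->tty);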
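Review bot: The role string stored in mm_answer_authserv (new line 848) and mm_answer_authrole (new line 870) arrives over the monitor socket from the unprivileged child and is handed unchanged to `pty_setowner()` at new line 1466, with no length or content check on the monitor side. Since the length is discarded, one option is to read it with `buffer_get_string(m, &len)` and reject the request when `strlen(authctxt->role) != len` or the length exceeds a sane bound; what pty_setowner does with the value is outside this diff. mm_answer_authrole also overwrites `authctxt->role` without releasing a value mm_answer_authserv may already have set, as both requests are permitted together in mm_answer_pwnamallow, so `if (authctxt->role != NULL) xfree(authctxt->role);` before the assignment would avoid the leak. The new handler calls `monitor_permit_authentications(1)` itself, which appears to let a role request alone unlock the authentication requests without AUTHSERV having set `authctxt->service`; worth confirming that is intended. mm_answer_authserv and mm_answer_pty begin outside their hunks.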