summaryrefslogtreecommitdiff
path: root/monitor.c
diff options
context:
space:
mode:
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c37
1 files changed, 33 insertions, 4 deletions
diff --git a/monitor.c b/monitor.c
index 11868952b..98362948f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -118,6 +118,7 @@ int mm_answer_sign(struct ssh *, int, struct sshbuf *);
118int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *); 118int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *);
119int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *); 119int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *);
120int mm_answer_authserv(struct ssh *, int, struct sshbuf *); 120int mm_answer_authserv(struct ssh *, int, struct sshbuf *);
121int mm_answer_authrole(struct ssh *, int, struct sshbuf *);
121int mm_answer_authpassword(struct ssh *, int, struct sshbuf *); 122int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
122int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *); 123int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
123int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *); 124int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
@@ -198,6 +199,7 @@ struct mon_table mon_dispatch_proto20[] = {
198 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 199 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
199 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 200 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
200 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 201 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
202 {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
201 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 203 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
202 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 204 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
203#ifdef USE_PAM 205#ifdef USE_PAM
@@ -820,6 +822,7 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
820 822
821 /* Allow service/style information on the auth context */ 823 /* Allow service/style information on the auth context */
822 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 824 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
825 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
823 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 826 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
824 827
825#ifdef USE_PAM 828#ifdef USE_PAM
@@ -853,16 +856,42 @@ mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m)
853 monitor_permit_authentications(1); 856 monitor_permit_authentications(1);
854 857
855 if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 || 858 if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
856 (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0) 859 (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0 ||
860 (r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
857 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 861 fatal("%s: buffer error: %s", __func__, ssh_err(r));
858 debug3("%s: service=%s, style=%s", 862 debug3("%s: service=%s, style=%s, role=%s",
859 __func__, authctxt->service, authctxt->style); 863 __func__, authctxt->service, authctxt->style, authctxt->role);
860 864
861 if (strlen(authctxt->style) == 0) { 865 if (strlen(authctxt->style) == 0) {
862 free(authctxt->style); 866 free(authctxt->style);
863 authctxt->style = NULL; 867 authctxt->style = NULL;
864 } 868 }
865 869
870 if (strlen(authctxt->role) == 0) {
871 free(authctxt->role);
872 authctxt->role = NULL;
873 }
874
875 return (0);
876}
877
878int
879mm_answer_authrole(struct ssh *ssh, int sock, struct sshbuf *m)
880{
881 int r;
882
883 monitor_permit_authentications(1);
884
885 if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
886 fatal("%s: buffer error: %s", __func__, ssh_err(r));
887 debug3("%s: role=%s",
888 __func__, authctxt->role);
889
890 if (strlen(authctxt->role) == 0) {
891 free(authctxt->role);
892 authctxt->role = NULL;
893 }
894
866 return (0); 895 return (0);
867} 896}
868 897
@@ -1566,7 +1595,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
1566 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 1595 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
1567 if (res == 0) 1596 if (res == 0)
1568 goto error; 1597 goto error;
1569 pty_setowner(authctxt->pw, s->tty); 1598 pty_setowner(authctxt->pw, s->tty, authctxt->role);
1570 1599
1571 if ((r = sshbuf_put_u32(m, 1)) != 0 || 1600 if ((r = sshbuf_put_u32(m, 1)) != 0 ||
1572 (r = sshbuf_put_cstring(m, s->tty)) != 0) 1601 (r = sshbuf_put_cstring(m, s->tty)) != 0)