diff options
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 37 |
1 files changed, 33 insertions, 4 deletions
| @@ -118,6 +118,7 @@ int mm_answer_sign(struct ssh *, int, struct sshbuf *); | |||
| 118 | int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *); | 118 | int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *); |
| 119 | int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *); | 119 | int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *); |
| 120 | int mm_answer_authserv(struct ssh *, int, struct sshbuf *); | 120 | int mm_answer_authserv(struct ssh *, int, struct sshbuf *); |
| 121 | int mm_answer_authrole(struct ssh *, int, struct sshbuf *); | ||
| 121 | int mm_answer_authpassword(struct ssh *, int, struct sshbuf *); | 122 | int mm_answer_authpassword(struct ssh *, int, struct sshbuf *); |
| 122 | int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *); | 123 | int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *); |
| 123 | int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *); | 124 | int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *); |
| @@ -198,6 +199,7 @@ struct mon_table mon_dispatch_proto20[] = { | |||
| 198 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, | 199 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, |
| 199 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | 200 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
| 200 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, | 201 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, |
| 202 | {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole}, | ||
| 201 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, | 203 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, |
| 202 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 204 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
| 203 | #ifdef USE_PAM | 205 | #ifdef USE_PAM |
| @@ -820,6 +822,7 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) | |||
| 820 | 822 | ||
| 821 | /* Allow service/style information on the auth context */ | 823 | /* Allow service/style information on the auth context */ |
| 822 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); | 824 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); |
| 825 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); | ||
| 823 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); | 826 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); |
| 824 | 827 | ||
| 825 | #ifdef USE_PAM | 828 | #ifdef USE_PAM |
| @@ -853,16 +856,42 @@ mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m) | |||
| 853 | monitor_permit_authentications(1); | 856 | monitor_permit_authentications(1); |
| 854 | 857 | ||
| 855 | if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 || | 858 | if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 || |
| 856 | (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0) | 859 | (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0 || |
| 860 | (r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0) | ||
| 857 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 861 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 858 | debug3("%s: service=%s, style=%s", | 862 | debug3("%s: service=%s, style=%s, role=%s", |
| 859 | __func__, authctxt->service, authctxt->style); | 863 | __func__, authctxt->service, authctxt->style, authctxt->role); |
| 860 | 864 | ||
| 861 | if (strlen(authctxt->style) == 0) { | 865 | if (strlen(authctxt->style) == 0) { |
| 862 | free(authctxt->style); | 866 | free(authctxt->style); |
| 863 | authctxt->style = NULL; | 867 | authctxt->style = NULL; |
| 864 | } | 868 | } |
| 865 | 869 | ||
| 870 | if (strlen(authctxt->role) == 0) { | ||
| 871 | free(authctxt->role); | ||
| 872 | authctxt->role = NULL; | ||
| 873 | } | ||
| 874 | |||
| 875 | return (0); | ||
| 876 | } | ||
| 877 | |||
| 878 | int | ||
| 879 | mm_answer_authrole(struct ssh *ssh, int sock, struct sshbuf *m) | ||
| 880 | { | ||
| 881 | int r; | ||
| 882 | |||
| 883 | monitor_permit_authentications(1); | ||
| 884 | |||
| 885 | if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0) | ||
| 886 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 887 | debug3("%s: role=%s", | ||
| 888 | __func__, authctxt->role); | ||
| 889 | |||
| 890 | if (strlen(authctxt->role) == 0) { | ||
| 891 | free(authctxt->role); | ||
| 892 | authctxt->role = NULL; | ||
| 893 | } | ||
| 894 | |||
| 866 | return (0); | 895 | return (0); |
| 867 | } | 896 | } |
| 868 | 897 | ||
| @@ -1566,7 +1595,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) | |||
| 1566 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); | 1595 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
| 1567 | if (res == 0) | 1596 | if (res == 0) |
| 1568 | goto error; | 1597 | goto error; |
| 1569 | pty_setowner(authctxt->pw, s->tty); | 1598 | pty_setowner(authctxt->pw, s->tty, authctxt->role); |
| 1570 | 1599 | ||
| 1571 | if ((r = sshbuf_put_u32(m, 1)) != 0 || | 1600 | if ((r = sshbuf_put_u32(m, 1)) != 0 || |
| 1572 | (r = sshbuf_put_cstring(m, s->tty)) != 0) | 1601 | (r = sshbuf_put_cstring(m, s->tty)) != 0) |