Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 37 |
1 files changed, 33 insertions, 4 deletions
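--- a/monitor.c
+++ b/monitor.c
@@ -117,6 +117,7 @@ int mm_answer_sign(int, struct sshbuf *);
 int mm_answer_pwnamallow(int, struct sshbuf *);
 int mm_answer_auth2_read_banner(int, struct sshbuf *);
 int mm_answer_authserv(int, struct sshbuf *);
+int mm_answer_authrole(int, struct sshbuf *);
 int mm_answer_authpassword(int, struct sshbuf *);
 int mm_answer_bsdauthquery(int, struct sshbuf *);
 int mm_answer_bsdauthrespond(int, struct sshbuf *);
@@ -193,6 +194,7 @@ struct mon_table mon_dispatch_proto20[] = {
 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+{MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -817,6 +819,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
 
 /* Allow service/style information on the auth context */
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 
 #ifdef USE_PAM
@@ -850,16 +853,42 @@ mm_answer_authserv(int sock, struct sshbuf *m)
 monitor_permit_authentications(1);
 
 if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
-(r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
+(r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0 ||
+(r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
-debug3("%s: service=%s, style=%s",
-__func__, authctxt->service, authctxt->style);
+debug3("%s: service=%s, style=%s, role=%s",
+__func__, authctxt->service, authctxt->style, authctxt->role);
 
 if (strlen(authctxt->style) == 0) {
 free(authctxt->style);
 authctxt->style = NULL;
 }
 
+if (strlen(authctxt->role) == 0) {
+free(authctxt->role);
+authctxt->role = NULL;
+}
+
+return (0);
+}
+
+int
+mm_answer_authrole(int sock, struct sshbuf *m)
+{
+int r;
+
+monitor_permit_authentications(1);
+
+if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+debug3("%s: role=%s",
+__func__, authctxt->role);
+
+if (strlen(authctxt->role) == 0) {
+free(authctxt->role);
+authctxt->role = NULL;
+}
+
 return (0);
 }
 
@@ -1501,7 +1530,7 @@ mm_answer_pty(int sock, struct sshbuf *m)
 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
 if (res == 0)
 goto error;
-pty_setowner(authctxt->pw, s->tty);
+pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
 if ((r = sshbuf_put_u32(m, 1)) != 0 ||
 (r = sshbuf_put_cstring(m, s->tty)) != 0)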
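Review bot: The new `mm_answer_authrole` in the fourth hunk calls `monitor_permit_authentications(1)` itself, and `mm_answer_pwnamallow` permits MONITOR_REQ_AUTHROLE alongside MONITOR_REQ_AUTHSERV, so the authentication requests appear to become available after a role message alone, with `authctxt->service` never set. If that ordering is not intended, drop the call from `mm_answer_authrole` and leave the unlock to `mm_answer_authserv`. Both handlers also write `authctxt->role` through `sshbuf_get_cstring` without releasing an earlier value, so the first string leaks when the child sends both requests; `free(authctxt->role); authctxt->role = NULL;` ahead of the read in each handler would cover it. The role comes from the unprivileged pre-auth child and reaches `pty_setowner` in the privileged monitor in the last hunk. No length or character check on it is visible in this file, so confirm that the callee validates it before use.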