Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 34 |
1 files changed, 29 insertions, 5 deletions
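--- a/monitor.c
+++ b/monitor.c
@@ -113,6 +113,10 @@ int mm_answer_rsa_response(int, Buffer *);
 int mm_answer_sesskey(int, Buffer *);
 int mm_answer_sessid(int, Buffer *);
 
+#ifdef USE_PAM
+int mm_answer_pam_start(int, Buffer *);
+#endif
+
 static Authctxt *authctxt;
 static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
 
@@ -143,8 +147,9 @@ struct mon_table mon_dispatch_proto20[] = {
 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
-#if !defined(USE_PAM)
 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+#ifdef USE_PAM
+{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
 #endif
 #ifdef BSD_AUTH
 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
@@ -172,9 +177,7 @@ struct mon_table mon_dispatch_proto15[] = {
 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
 {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
 {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
-#if !defined(USE_PAM)
 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
-#endif
 {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed},
 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
 {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
@@ -260,6 +263,10 @@ monitor_child_preauth(struct monitor *monitor)
 if (authctxt->pw->pw_uid == 0 &&
 !auth_root_allowed(auth_method))
 authenticated = 0;
+#ifdef USE_PAM
+if (!do_pam_account(authctxt->pw->pw_name, NULL))
+authenticated = 0;
+#endif
 }
 
 if (ent->flags & MON_AUTHDECIDE) {
@@ -457,6 +464,9 @@ mm_answer_sign(int socket, Buffer *m)
 /* Turn on permissions for getpwnam */
 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
 
+#ifdef USE_PAM
+monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
+#endif
 return (0);
 }
 
@@ -537,7 +547,6 @@ mm_answer_authserv(int socket, Buffer *m)
 return (0);
 }
 
-#if !defined(USE_PAM)
 int
 mm_answer_authpassword(int socket, Buffer *m)
 {
@@ -566,7 +575,6 @@ mm_answer_authpassword(int socket, Buffer *m)
 /* Causes monitor loop to terminate if authenticated */
 return (authenticated);
 }
-#endif
 
 #ifdef BSD_AUTH
 int
@@ -673,6 +681,22 @@ mm_answer_skeyrespond(int socket, Buffer *m)
 }
 #endif
 
+#ifdef USE_PAM
+int
+mm_answer_pam_start(int socket, Buffer *m)
+{
+char *user;
+
+user = buffer_get_string(m, NULL);
+
+start_pam(user);
+
+xfree(user);
+
+return (0);
+}
+#endif
+
 static void
 mm_append_debug(Buffer *m)
 {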
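Review bot: mm_answer_pam_start() hands the name read with `buffer_get_string(m, NULL)` straight to `start_pam(user)`, so the privileged monitor starts PAM for whatever account name the unprivileged child sends. Under privilege separation that child is the untrusted side, and the `do_pam_account(authctxt->pw->pw_name, NULL)` call added in monitor_child_preauth() appears to assume PAM was started for the account the monitor itself looked up. MONITOR_REQ_PAM_START is enabled in mm_answer_sign() together with MONITOR_REQ_PWNAM, so nothing visible here forces the lookup to happen first. Prefer the identity the monitor already holds, or reject a mismatch before calling start_pam, e.g. `if (authctxt->pw == NULL || strcmp(user, authctxt->pw->pw_name) != 0) fatal("%s: user mismatch", __func__);` (how unknown users should be treated is not visible on this page and needs a decision). The function lies entirely inside this hunk; a short comment above it stating who supplies `user` and what it is checked against would document the trust boundary.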