Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 32 |
1 files changed, 29 insertions, 3 deletions
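--- a/monitor.c
+++ b/monitor.c
@@ -127,6 +127,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
@@ -204,6 +205,7 @@ struct mon_table mon_dispatch_proto20[] = {
 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+{MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -799,6 +801,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
 
 /* Allow service/style information on the auth context */
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 
 #ifdef USE_PAM
@@ -829,14 +832,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
 authctxt->service = buffer_get_string(m, NULL);
 authctxt->style = buffer_get_string(m, NULL);
-debug3("%s: service=%s, style=%s",
-__func__, authctxt->service, authctxt->style);
+authctxt->role = buffer_get_string(m, NULL);
+debug3("%s: service=%s, style=%s, role=%s",
+__func__, authctxt->service, authctxt->style, authctxt->role);
 
 if (strlen(authctxt->style) == 0) {
 free(authctxt->style);
 authctxt->style = NULL;
 }
 
+if (strlen(authctxt->role) == 0) {
+free(authctxt->role);
+authctxt->role = NULL;
+}
+
+return (0);
+}
+
+int
+mm_answer_authrole(int sock, Buffer *m)
+{
+monitor_permit_authentications(1);
+
+authctxt->role = buffer_get_string(m, NULL);
+debug3("%s: role=%s",
+__func__, authctxt->role);
+
+if (strlen(authctxt->role) == 0) {
+free(authctxt->role);
+authctxt->role = NULL;
+}
+
 return (0);
 }
 
@@ -1471,7 +1497,7 @@ mm_answer_pty(int sock, Buffer *m)
 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
 if (res == 0)
 goto error;
-pty_setowner(authctxt->pw, s->tty);
+pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
 buffer_put_int(m, 1);
 buffer_put_cstring(m, s->tty);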
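Review bot: In the new `mm_answer_authrole`, `authctxt->role` is assigned without releasing a value that `mm_answer_authserv` may already have stored, since this commit makes both handlers read a role and `mm_answer_pwnamallow` permits both requests. The earlier string is leaked, and whichever request arrives last decides the role that `mm_answer_pty` later passes to `pty_setowner`, a value read straight from the request buffer `m`. I would add `free(authctxt->role);` immediately before `authctxt->role = buffer_get_string(m, NULL);` in `mm_answer_authrole`, and give the function a short comment saying that it replaces any previously stored role and that the role is not validated here (presumably that happens where the role is applied, which this page does not show). `mm_answer_authserv` begins above its hunk, so whether its own assignment needs the same guard cannot be determined from the visible lines.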