Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c32
1 files changed, 29 insertions, 3 deletions
diff --git a/monitor.c b/monitor.c
index 05bb48a8e..e91054e5f 100644
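--- a/monitor.c
+++ b/monitor.c
@@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
@@ -209,6 +210,7 @@ struct mon_table mon_dispatch_proto20[] = {
  {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
  {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
  {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
  {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
  {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -880,6 +882,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
  else {
  /* Allow service/style information on the auth context */
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
  }
 #ifdef USE_PAM
@@ -910,14 +913,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
  authctxt->service = buffer_get_string(m, NULL);
  authctxt->style = buffer_get_string(m, NULL);
- debug3("%s: service=%s, style=%s",
- __func__, authctxt->service, authctxt->style);
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: service=%s, style=%s, role=%s",
+ __func__, authctxt->service, authctxt->style, authctxt->role);
 
  if (strlen(authctxt->style) == 0) {
  free(authctxt->style);
  authctxt->style = NULL;
  }
 
+ if (strlen(authctxt->role) == 0) {
+ free(authctxt->role);
+ authctxt->role = NULL;
+ }
+
+ return (0);
+}
+
+int
+mm_answer_authrole(int sock, Buffer *m)
+{
+ monitor_permit_authentications(1);
+
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: role=%s",
+ __func__, authctxt->role);
+
+ if (strlen(authctxt->role) == 0) {
+ free(authctxt->role);
+ authctxt->role = NULL;
+ }
+
  return (0);
 }
 
@@ -1553,7 +1579,7 @@ mm_answer_pty(int sock, Buffer *m)
  res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
  if (res == 0)
  goto error;
- pty_setowner(authctxt->pw, s->tty);
+ pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
  buffer_put_int(m, 1);
  buffer_put_cstring(m, s->tty);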
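Review bot: Both mm_answer_authserv and the new mm_answer_authrole assign `authctxt->role = buffer_get_string(m, NULL);` without releasing a previous value, and mm_answer_pwnamallow now permits MONITOR_REQ_AUTHSERV and MONITOR_REQ_AUTHROLE together, so a child that sends both leaks the first string and silently replaces the role. Adding `free(authctxt->role);` before the assignment in mm_answer_authrole, and stating which of the two messages is authoritative, would close that. The role arrives from the unprivileged side of the privilege-separation boundary and later reaches `pty_setowner(authctxt->pw, s->tty, authctxt->role)` inside the monitor. Whether it is checked against the roles this user may assume is not visible in this diff, so a comment at the assignment such as `/* role is supplied by the unprivileged child; validated in <callee> */` (placeholder name) would record where that check lives. The bodies of mm_answer_authserv and mm_answer_pty begin outside their hunks, so any earlier handling there is not covered by this note.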