Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c32
1 files changed, 29 insertions, 3 deletions
diff --git a/monitor.c b/monitor.c
index a777c4c03..88f472e68 100644
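--- a/monitor.c
+++ b/monitor.c
@@ -146,6 +146,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
@@ -227,6 +228,7 @@ struct mon_table mon_dispatch_proto20[] = {
  {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
  {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
  {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
  {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
  {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -844,6 +846,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
  else {
  /* Allow service/style information on the auth context */
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
  }
 #ifdef USE_PAM
@@ -874,14 +877,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
  authctxt->service = buffer_get_string(m, NULL);
  authctxt->style = buffer_get_string(m, NULL);
- debug3("%s: service=%s, style=%s",
- __func__, authctxt->service, authctxt->style);
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: service=%s, style=%s, role=%s",
+ __func__, authctxt->service, authctxt->style, authctxt->role);
 
  if (strlen(authctxt->style) == 0) {
  free(authctxt->style);
  authctxt->style = NULL;
  }
 
+ if (strlen(authctxt->role) == 0) {
+ free(authctxt->role);
+ authctxt->role = NULL;
+ }
+
+ return (0);
+}
+
+int
+mm_answer_authrole(int sock, Buffer *m)
+{
+ monitor_permit_authentications(1);
+
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: role=%s",
+ __func__, authctxt->role);
+
+ if (strlen(authctxt->role) == 0) {
+ free(authctxt->role);
+ authctxt->role = NULL;
+ }
+
  return (0);
 }
 
@@ -1486,7 +1512,7 @@ mm_answer_pty(int sock, Buffer *m)
  res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
  if (res == 0)
  goto error;
- pty_setowner(authctxt->pw, s->tty);
+ pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
  buffer_put_int(m, 1);
  buffer_put_cstring(m, s->tty);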
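Review bot: `authctxt->role` is now written by two monitor requests that `mm_answer_pwnamallow` permits together (`MONITOR_REQ_AUTHSERV` and `MONITOR_REQ_AUTHROLE`), and both handlers assign `buffer_get_string(m, NULL)` over whatever is already stored, so when both arrive the first string is leaked and the last value sent silently wins; add `free(authctxt->role);` before each assignment. The new `mm_answer_authrole` also calls `monitor_permit_authentications(1)`, which by its name opens the authentication requests without `MONITOR_REQ_AUTHSERV` ever having set `service`/`style`; if that ordering is not intended, drop the call there (the start of `mm_answer_authserv` is outside the hunk, so whether it makes the same call is not visible). The role string originates in the unprivileged pre-auth child and reaches `pty_setowner()` in the privileged monitor, and no check that the role is allowed for `authctxt->pw` appears in this diff. A comment above the assignment such as `/* role is supplied by the unprivileged child; the consumer must verify it is permitted for authctxt->pw */` would record where that validation is expected to happen.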