summaryrefslogtreecommitdiff
path: root/monitor.c
diff options
context:
space:
mode:
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c32
1 files changed, 29 insertions, 3 deletions
diff --git a/monitor.c b/monitor.c
index 6c8202325..5be3fbfdb 100644
--- a/monitor.c
+++ b/monitor.c
@@ -126,6 +126,7 @@ int mm_answer_sign(int, Buffer *);
126int mm_answer_pwnamallow(int, Buffer *); 126int mm_answer_pwnamallow(int, Buffer *);
127int mm_answer_auth2_read_banner(int, Buffer *); 127int mm_answer_auth2_read_banner(int, Buffer *);
128int mm_answer_authserv(int, Buffer *); 128int mm_answer_authserv(int, Buffer *);
129int mm_answer_authrole(int, Buffer *);
129int mm_answer_authpassword(int, Buffer *); 130int mm_answer_authpassword(int, Buffer *);
130int mm_answer_bsdauthquery(int, Buffer *); 131int mm_answer_bsdauthquery(int, Buffer *);
131int mm_answer_bsdauthrespond(int, Buffer *); 132int mm_answer_bsdauthrespond(int, Buffer *);
@@ -207,6 +208,7 @@ struct mon_table mon_dispatch_proto20[] = {
207 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 208 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
208 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 209 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
209 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 210 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
211 {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
210 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 212 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
211 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 213 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
212#ifdef USE_PAM 214#ifdef USE_PAM
@@ -875,6 +877,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
875 else { 877 else {
876 /* Allow service/style information on the auth context */ 878 /* Allow service/style information on the auth context */
877 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 879 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
880 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
878 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 881 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
879 } 882 }
880#ifdef USE_PAM 883#ifdef USE_PAM
@@ -905,14 +908,37 @@ mm_answer_authserv(int sock, Buffer *m)
905 908
906 authctxt->service = buffer_get_string(m, NULL); 909 authctxt->service = buffer_get_string(m, NULL);
907 authctxt->style = buffer_get_string(m, NULL); 910 authctxt->style = buffer_get_string(m, NULL);
908 debug3("%s: service=%s, style=%s", 911 authctxt->role = buffer_get_string(m, NULL);
909 __func__, authctxt->service, authctxt->style); 912 debug3("%s: service=%s, style=%s, role=%s",
913 __func__, authctxt->service, authctxt->style, authctxt->role);
910 914
911 if (strlen(authctxt->style) == 0) { 915 if (strlen(authctxt->style) == 0) {
912 free(authctxt->style); 916 free(authctxt->style);
913 authctxt->style = NULL; 917 authctxt->style = NULL;
914 } 918 }
915 919
920 if (strlen(authctxt->role) == 0) {
921 free(authctxt->role);
922 authctxt->role = NULL;
923 }
924
925 return (0);
926}
927
928int
929mm_answer_authrole(int sock, Buffer *m)
930{
931 monitor_permit_authentications(1);
932
933 authctxt->role = buffer_get_string(m, NULL);
934 debug3("%s: role=%s",
935 __func__, authctxt->role);
936
937 if (strlen(authctxt->role) == 0) {
938 free(authctxt->role);
939 authctxt->role = NULL;
940 }
941
916 return (0); 942 return (0);
917} 943}
918 944
@@ -1541,7 +1567,7 @@ mm_answer_pty(int sock, Buffer *m)
1541 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 1567 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
1542 if (res == 0) 1568 if (res == 0)
1543 goto error; 1569 goto error;
1544 pty_setowner(authctxt->pw, s->tty); 1570 pty_setowner(authctxt->pw, s->tty, authctxt->role);
1545 1571
1546 buffer_put_int(m, 1); 1572 buffer_put_int(m, 1);
1547 buffer_put_cstring(m, s->tty); 1573 buffer_put_cstring(m, s->tty);
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-29 04:00:09 +0000