summaryrefslogtreecommitdiff
path: root/monitor.c
diff options
context:
space:
mode:
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c32
1 files changed, 29 insertions, 3 deletions
diff --git a/monitor.c b/monitor.c
index 291881493..11eac63c2 100644
--- a/monitor.c
+++ b/monitor.c
@@ -145,6 +145,7 @@ int mm_answer_sign(int, Buffer *);
145int mm_answer_pwnamallow(int, Buffer *); 145int mm_answer_pwnamallow(int, Buffer *);
146int mm_answer_auth2_read_banner(int, Buffer *); 146int mm_answer_auth2_read_banner(int, Buffer *);
147int mm_answer_authserv(int, Buffer *); 147int mm_answer_authserv(int, Buffer *);
148int mm_answer_authrole(int, Buffer *);
148int mm_answer_authpassword(int, Buffer *); 149int mm_answer_authpassword(int, Buffer *);
149int mm_answer_bsdauthquery(int, Buffer *); 150int mm_answer_bsdauthquery(int, Buffer *);
150int mm_answer_bsdauthrespond(int, Buffer *); 151int mm_answer_bsdauthrespond(int, Buffer *);
@@ -221,6 +222,7 @@ struct mon_table mon_dispatch_proto20[] = {
221 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 222 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
222 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 223 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
223 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 224 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
225 {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
224 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 226 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
225 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 227 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
226#ifdef USE_PAM 228#ifdef USE_PAM
@@ -822,6 +824,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
822 else { 824 else {
823 /* Allow service/style information on the auth context */ 825 /* Allow service/style information on the auth context */
824 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 826 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
827 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
825 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 828 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
826 } 829 }
827#ifdef USE_PAM 830#ifdef USE_PAM
@@ -852,14 +855,37 @@ mm_answer_authserv(int sock, Buffer *m)
852 855
853 authctxt->service = buffer_get_string(m, NULL); 856 authctxt->service = buffer_get_string(m, NULL);
854 authctxt->style = buffer_get_string(m, NULL); 857 authctxt->style = buffer_get_string(m, NULL);
855 debug3("%s: service=%s, style=%s", 858 authctxt->role = buffer_get_string(m, NULL);
856 __func__, authctxt->service, authctxt->style); 859 debug3("%s: service=%s, style=%s, role=%s",
860 __func__, authctxt->service, authctxt->style, authctxt->role);
857 861
858 if (strlen(authctxt->style) == 0) { 862 if (strlen(authctxt->style) == 0) {
859 free(authctxt->style); 863 free(authctxt->style);
860 authctxt->style = NULL; 864 authctxt->style = NULL;
861 } 865 }
862 866
867 if (strlen(authctxt->role) == 0) {
868 free(authctxt->role);
869 authctxt->role = NULL;
870 }
871
872 return (0);
873}
874
875int
876mm_answer_authrole(int sock, Buffer *m)
877{
878 monitor_permit_authentications(1);
879
880 authctxt->role = buffer_get_string(m, NULL);
881 debug3("%s: role=%s",
882 __func__, authctxt->role);
883
884 if (strlen(authctxt->role) == 0) {
885 free(authctxt->role);
886 authctxt->role = NULL;
887 }
888
863 return (0); 889 return (0);
864} 890}
865 891
@@ -1464,7 +1490,7 @@ mm_answer_pty(int sock, Buffer *m)
1464 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 1490 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
1465 if (res == 0) 1491 if (res == 0)
1466 goto error; 1492 goto error;
1467 pty_setowner(authctxt->pw, s->tty); 1493 pty_setowner(authctxt->pw, s->tty, authctxt->role);
1468 1494
1469 buffer_put_int(m, 1); 1495 buffer_put_int(m, 1);
1470 buffer_put_cstring(m, s->tty); 1496 buffer_put_cstring(m, s->tty);