summaryrefslogtreecommitdiff
path: root/monitor_wrap.c
diff options
context:
space:
mode:
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c44
1 files changed, 27 insertions, 17 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index cce318bc5..9666bda4b 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.98 2018/01/08 15:14:44 markus Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -351,7 +351,7 @@ mm_inform_authserv(char *service, char *style)
351 351
352/* Do the password authentication */ 352/* Do the password authentication */
353int 353int
354mm_auth_password(Authctxt *authctxt, char *password) 354mm_auth_password(struct ssh *ssh, char *password)
355{ 355{
356 Buffer m; 356 Buffer m;
357 int authenticated = 0; 357 int authenticated = 0;
@@ -378,34 +378,38 @@ mm_auth_password(Authctxt *authctxt, char *password)
378} 378}
379 379
380int 380int
381mm_user_key_allowed(struct passwd *pw, struct sshkey *key, 381mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
382 int pubkey_auth_attempt) 382 int pubkey_auth_attempt, struct sshauthopt **authoptp)
383{ 383{
384 return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, 384 return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
385 pubkey_auth_attempt)); 385 pubkey_auth_attempt, authoptp));
386} 386}
387 387
388int 388int
389mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, 389mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
390 struct sshkey *key) 390 struct sshkey *key)
391{ 391{
392 return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0)); 392 return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL));
393} 393}
394 394
395int 395int
396mm_key_allowed(enum mm_keytype type, const char *user, const char *host, 396mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
397 struct sshkey *key, int pubkey_auth_attempt) 397 struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp)
398{ 398{
399 Buffer m; 399 Buffer m;
400 u_char *blob; 400 u_char *blob;
401 u_int len; 401 u_int len;
402 int allowed = 0, have_forced = 0; 402 int r, allowed = 0;
403 struct sshauthopt *opts = NULL;
403 404
404 debug3("%s entering", __func__); 405 debug3("%s entering", __func__);
405 406
407 if (authoptp != NULL)
408 *authoptp = NULL;
409
406 /* Convert the key to a blob and the pass it over */ 410 /* Convert the key to a blob and the pass it over */
407 if (!key_to_blob(key, &blob, &len)) 411 if (!key_to_blob(key, &blob, &len))
408 return (0); 412 return 0;
409 413
410 buffer_init(&m); 414 buffer_init(&m);
411 buffer_put_int(&m, type); 415 buffer_put_int(&m, type);
@@ -418,18 +422,24 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
418 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); 422 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
419 423
420 debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); 424 debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
421 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m); 425 mm_request_receive_expect(pmonitor->m_recvfd,
426 MONITOR_ANS_KEYALLOWED, &m);
422 427
423 allowed = buffer_get_int(&m); 428 allowed = buffer_get_int(&m);
424 429 if (allowed && type == MM_USERKEY) {
425 /* fake forced command */ 430 if ((r = sshauthopt_deserialise(&m, &opts)) != 0)
426 auth_clear_options(); 431 fatal("%s: sshauthopt_deserialise: %s",
427 have_forced = buffer_get_int(&m); 432 __func__, ssh_err(r));
428 forced_command = have_forced ? xstrdup("true") : NULL; 433 }
429
430 buffer_free(&m); 434 buffer_free(&m);
431 435
432 return (allowed); 436 if (authoptp != NULL) {
437 *authoptp = opts;
438 opts = NULL;
439 }
440 sshauthopt_free(opts);
441
442 return allowed;
433} 443}
434 444
435/* 445/*