diff options
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 44 |
1 files changed, 27 insertions, 17 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index cce318bc5..9666bda4b 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor_wrap.c,v 1.98 2018/01/08 15:14:44 markus Exp $ */ | 1 | /* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -351,7 +351,7 @@ mm_inform_authserv(char *service, char *style) | |||
351 | 351 | ||
352 | /* Do the password authentication */ | 352 | /* Do the password authentication */ |
353 | int | 353 | int |
354 | mm_auth_password(Authctxt *authctxt, char *password) | 354 | mm_auth_password(struct ssh *ssh, char *password) |
355 | { | 355 | { |
356 | Buffer m; | 356 | Buffer m; |
357 | int authenticated = 0; | 357 | int authenticated = 0; |
@@ -378,34 +378,38 @@ mm_auth_password(Authctxt *authctxt, char *password) | |||
378 | } | 378 | } |
379 | 379 | ||
380 | int | 380 | int |
381 | mm_user_key_allowed(struct passwd *pw, struct sshkey *key, | 381 | mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, |
382 | int pubkey_auth_attempt) | 382 | int pubkey_auth_attempt, struct sshauthopt **authoptp) |
383 | { | 383 | { |
384 | return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, | 384 | return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, |
385 | pubkey_auth_attempt)); | 385 | pubkey_auth_attempt, authoptp)); |
386 | } | 386 | } |
387 | 387 | ||
388 | int | 388 | int |
389 | mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, | 389 | mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, |
390 | struct sshkey *key) | 390 | struct sshkey *key) |
391 | { | 391 | { |
392 | return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0)); | 392 | return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL)); |
393 | } | 393 | } |
394 | 394 | ||
395 | int | 395 | int |
396 | mm_key_allowed(enum mm_keytype type, const char *user, const char *host, | 396 | mm_key_allowed(enum mm_keytype type, const char *user, const char *host, |
397 | struct sshkey *key, int pubkey_auth_attempt) | 397 | struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp) |
398 | { | 398 | { |
399 | Buffer m; | 399 | Buffer m; |
400 | u_char *blob; | 400 | u_char *blob; |
401 | u_int len; | 401 | u_int len; |
402 | int allowed = 0, have_forced = 0; | 402 | int r, allowed = 0; |
403 | struct sshauthopt *opts = NULL; | ||
403 | 404 | ||
404 | debug3("%s entering", __func__); | 405 | debug3("%s entering", __func__); |
405 | 406 | ||
407 | if (authoptp != NULL) | ||
408 | *authoptp = NULL; | ||
409 | |||
406 | /* Convert the key to a blob and the pass it over */ | 410 | /* Convert the key to a blob and the pass it over */ |
407 | if (!key_to_blob(key, &blob, &len)) | 411 | if (!key_to_blob(key, &blob, &len)) |
408 | return (0); | 412 | return 0; |
409 | 413 | ||
410 | buffer_init(&m); | 414 | buffer_init(&m); |
411 | buffer_put_int(&m, type); | 415 | buffer_put_int(&m, type); |
@@ -418,18 +422,24 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host, | |||
418 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); | 422 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); |
419 | 423 | ||
420 | debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); | 424 | debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); |
421 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m); | 425 | mm_request_receive_expect(pmonitor->m_recvfd, |
426 | MONITOR_ANS_KEYALLOWED, &m); | ||
422 | 427 | ||
423 | allowed = buffer_get_int(&m); | 428 | allowed = buffer_get_int(&m); |
424 | 429 | if (allowed && type == MM_USERKEY) { | |
425 | /* fake forced command */ | 430 | if ((r = sshauthopt_deserialise(&m, &opts)) != 0) |
426 | auth_clear_options(); | 431 | fatal("%s: sshauthopt_deserialise: %s", |
427 | have_forced = buffer_get_int(&m); | 432 | __func__, ssh_err(r)); |
428 | forced_command = have_forced ? xstrdup("true") : NULL; | 433 | } |
429 | |||
430 | buffer_free(&m); | 434 | buffer_free(&m); |
431 | 435 | ||
432 | return (allowed); | 436 | if (authoptp != NULL) { |
437 | *authoptp = opts; | ||
438 | opts = NULL; | ||
439 | } | ||
440 | sshauthopt_free(opts); | ||
441 | |||
442 | return allowed; | ||
433 | } | 443 | } |
434 | 444 | ||
435 | /* | 445 | /* |