diff options
author | Damien Miller <djm@mindrot.org> | 2002-04-23 20:28:48 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-04-23 20:28:48 +1000 |
commit | 7941855f09b067b639d72757ee3b1d5be1925d50 (patch) | |
tree | 0e94366b3fdd991cae8de9d0ce04a4f374fa12cf /monitor.c | |
parent | 594a71b9b92af786d34d8d961162374e5e4af72f (diff) | |
download | openssh-git-7941855f09b067b639d72757ee3b1d5be1925d50.tar.gz |
- (djm) Make privsep work with PAM (still experimental)
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 34 |
1 files changed, 29 insertions, 5 deletions
@@ -113,6 +113,10 @@ int mm_answer_rsa_response(int, Buffer *); int mm_answer_sesskey(int, Buffer *); int mm_answer_sessid(int, Buffer *); +#ifdef USE_PAM +int mm_answer_pam_start(int, Buffer *); +#endif + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -143,8 +147,9 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, -#if !defined(USE_PAM) {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, +#ifdef USE_PAM + {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, @@ -172,9 +177,7 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, -#if !defined(USE_PAM) {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, -#endif {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed}, {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, @@ -260,6 +263,10 @@ monitor_child_preauth(struct monitor *monitor) if (authctxt->pw->pw_uid == 0 && !auth_root_allowed(auth_method)) authenticated = 0; +#ifdef USE_PAM + if (!do_pam_account(authctxt->pw->pw_name, NULL)) + authenticated = 0; +#endif } if (ent->flags & MON_AUTHDECIDE) { @@ -457,6 +464,9 @@ mm_answer_sign(int socket, Buffer *m) /* Turn on permissions for getpwnam */ monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); +#ifdef USE_PAM + monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); +#endif return (0); } @@ -537,7 +547,6 @@ mm_answer_authserv(int socket, Buffer *m) return (0); } -#if !defined(USE_PAM) int mm_answer_authpassword(int socket, Buffer *m) { @@ -566,7 +575,6 @@ mm_answer_authpassword(int socket, Buffer *m) /* Causes monitor loop to terminate if authenticated */ return (authenticated); } -#endif #ifdef BSD_AUTH int @@ -673,6 +681,22 @@ mm_answer_skeyrespond(int socket, Buffer *m) } #endif +#ifdef USE_PAM +int +mm_answer_pam_start(int socket, Buffer *m) +{ + char *user; + + user = buffer_get_string(m, NULL); + + start_pam(user); + + xfree(user); + + return (0); +} +#endif + static void mm_append_debug(Buffer *m) { |