diff options
author | djm <djm> | 2002-04-23 10:28:48 +0000 |
---|---|---|
committer | djm <djm> | 2002-04-23 10:28:48 +0000 |
commit | f5e916da41041597b15816e44da245686dabfbd1 (patch) | |
tree | 46ac9c01d62d34b041b404ce4e53f8cd193cbdba /monitor.c | |
parent | 7a77c37f5d51c1c3315a2ad44ab963d0f97c222a (diff) | |
download | openssh-f5e916da41041597b15816e44da245686dabfbd1.tar.gz |
- (djm) Make privsep work with PAM (still experimental)
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 34 |
1 files changed, 29 insertions, 5 deletions
@@ -113,6 +113,10 @@ int mm_answer_rsa_response(int, Buffer *); int mm_answer_sesskey(int, Buffer *); int mm_answer_sessid(int, Buffer *); +#ifdef USE_PAM +int mm_answer_pam_start(int, Buffer *); +#endif + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -143,8 +147,9 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, -#if !defined(USE_PAM) {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, +#ifdef USE_PAM + {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, @@ -172,9 +177,7 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, -#if !defined(USE_PAM) {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, -#endif {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed}, {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, @@ -260,6 +263,10 @@ monitor_child_preauth(struct monitor *monitor) if (authctxt->pw->pw_uid == 0 && !auth_root_allowed(auth_method)) authenticated = 0; +#ifdef USE_PAM + if (!do_pam_account(authctxt->pw->pw_name, NULL)) + authenticated = 0; +#endif } if (ent->flags & MON_AUTHDECIDE) { @@ -457,6 +464,9 @@ mm_answer_sign(int socket, Buffer *m) /* Turn on permissions for getpwnam */ monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); +#ifdef USE_PAM + monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); +#endif return (0); } @@ -537,7 +547,6 @@ mm_answer_authserv(int socket, Buffer *m) return (0); } -#if !defined(USE_PAM) int mm_answer_authpassword(int socket, Buffer *m) { @@ -566,7 +575,6 @@ mm_answer_authpassword(int socket, Buffer *m) /* Causes monitor loop to terminate if authenticated */ return (authenticated); } -#endif #ifdef BSD_AUTH int @@ -673,6 +681,22 @@ mm_answer_skeyrespond(int socket, Buffer *m) } #endif +#ifdef USE_PAM +int +mm_answer_pam_start(int socket, Buffer *m) +{ + char *user; + + user = buffer_get_string(m, NULL); + + start_pam(user); + + xfree(user); + + return (0); +} +#endif + static void mm_append_debug(Buffer *m) { |