-/* $OpenBSD: auth.h,v 1.101 2020/12/22 00:12:22 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.102 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
struct Authmethod {
char *name;
- int (*userauth)(struct ssh *);
+ char *synonym;
+ int (*userauth)(struct ssh *, const char *);
int *enabled;
};
-/* $OpenBSD: auth2-gss.c,v 1.32 2021/01/27 10:15:08 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.33 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
* how to check local user kuserok and the like)
*/
static int
-userauth_gssapi(struct ssh *ssh)
+userauth_gssapi(struct ssh *ssh, const char *method)
{
Authctxt *authctxt = ssh->authctxt;
gss_OID_desc goid = {0, NULL};
Authmethod method_gssapi = {
"gssapi-with-mic",
+ NULL,
userauth_gssapi,
&options.gss_authentication
};
-/* $OpenBSD: auth2-hostbased.c,v 1.47 2021/07/23 03:37:52 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.48 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
extern ServerOptions options;
static int
-userauth_hostbased(struct ssh *ssh)
+userauth_hostbased(struct ssh *ssh, const char *method)
{
Authctxt *authctxt = ssh->authctxt;
struct sshbuf *b;
(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
- (r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
+ (r = sshbuf_put_cstring(b, method)) != 0 ||
(r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
(r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
(r = sshbuf_put_cstring(b, chost)) != 0 ||
Authmethod method_hostbased = {
"hostbased",
+ NULL,
userauth_hostbased,
&options.hostbased_authentication
};
-/* $OpenBSD: auth2-kbdint.c,v 1.13 2021/07/02 05:11:20 dtucker Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.14 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
extern ServerOptions options;
static int
-userauth_kbdint(struct ssh *ssh)
+userauth_kbdint(struct ssh *ssh, const char *method)
{
int r, authenticated = 0;
char *lang, *devs;
Authmethod method_kbdint = {
"keyboard-interactive",
+ NULL,
userauth_kbdint,
&options.kbd_interactive_authentication
};
-/* $OpenBSD: auth2-none.c,v 1.23 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.24 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
static int none_enabled = 1;
static int
-userauth_none(struct ssh *ssh)
+userauth_none(struct ssh *ssh, const char *method)
{
int r;
Authmethod method_none = {
"none",
+ NULL,
userauth_none,
&none_enabled
};
-/* $OpenBSD: auth2-passwd.c,v 1.19 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.20 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
extern ServerOptions options;
static int
-userauth_passwd(struct ssh *ssh)
+userauth_passwd(struct ssh *ssh, const char *method)
{
char *password;
int authenticated = 0, r;
Authmethod method_passwd = {
"password",
+ NULL,
userauth_passwd,
&options.password_authentication
};
-/* $OpenBSD: auth2-pubkey.c,v 1.110 2021/09/29 01:33:32 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.111 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
}
static int
-userauth_pubkey(struct ssh *ssh)
+userauth_pubkey(struct ssh *ssh, const char *method)
{
Authctxt *authctxt = ssh->authctxt;
struct passwd *pw = authctxt->pw;
if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_put_cstring(b, userstyle)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
- (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
+ (r = sshbuf_put_cstring(b, method)) != 0 ||
(r = sshbuf_put_u8(b, have_sig)) != 0 ||
(r = sshbuf_put_cstring(b, pkalg)) != 0 ||
(r = sshbuf_put_string(b, pkblob, blen)) != 0)
Authmethod method_pubkey = {
"publickey",
+ NULL,
userauth_pubkey,
&options.pubkey_authentication
};
-/* $OpenBSD: auth2.c,v 1.161 2021/04/03 06:18:40 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.162 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
m = authmethod_lookup(authctxt, method);
if (m != NULL && authctxt->failures < options.max_authtries) {
debug2("input_userauth_request: try method %s", method);
- authenticated = m->userauth(ssh);
+ authenticated = m->userauth(ssh, method);
}
if (!authctxt->authenticated)
ensure_minimum_time_since(tstart,
}
void
-userauth_finish(struct ssh *ssh, int authenticated, const char *method,
+userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method,
const char *submethod)
{
Authctxt *authctxt = ssh->authctxt;
+ Authmethod *m = NULL;
+ const char *method = packet_method;
char *methods;
int r, partial = 0;
- if (!authctxt->valid && authenticated)
- fatal("INTERNAL ERROR: authenticated invalid user %s",
- authctxt->user);
- if (authenticated && authctxt->postponed)
- fatal("INTERNAL ERROR: authenticated and postponed");
+ if (authenticated) {
+ if (!authctxt->valid) {
+ fatal("INTERNAL ERROR: authenticated invalid user %s",
+ authctxt->user);
+ }
+ if (authctxt->postponed)
+ fatal("INTERNAL ERROR: authenticated and postponed");
+ if ((m = authmethod_lookup(authctxt, method)) == NULL)
+ fatal("INTERNAL ERROR: bad method %s", method);
+ method = m->name; /* prefer primary name to possible synonym */
+ }
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
for (i = 0; authmethods[i] != NULL; i++)
if (authmethods[i]->enabled != NULL &&
*(authmethods[i]->enabled) != 0 &&
- strcmp(name, authmethods[i]->name) == 0 &&
+ (strcmp(name, authmethods[i]->name) == 0 ||
+ (authmethods[i]->synonym != NULL &&
+ strcmp(name, authmethods[i]->synonym) == 0)) &&
auth2_method_allowed(authctxt,
authmethods[i]->name, NULL))
return authmethods[i];
projects / openbsd / commitdiff