authordjm@openbsd.org <djm@openbsd.org>2018-03-03 04:15:51 +0100
committerDamien Miller <djm@mindrot.org>2018-03-03 04:37:16 +0100
commit7c856857607112a3dfe6414696bf4c7ab7fb0cb3 (patch)
tree48c837fc9c9e11d64862d4f54c1a886b54d8721c /monitor_wrap.c
parentupstream: Introduce a new API for handling authorized_keys options. (diff)
upstream: switch over to the new authorized_keys options API and
remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c44
1 files changed, 27 insertions, 17 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index cce318bc5..9666bda4b 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.98 2018/01/08 15:14:44 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -351,7 +351,7 @@ mm_inform_authserv(char *service, char *style)
/* Do the password authentication */
int
-mm_auth_password(Authctxt *authctxt, char *password)
+mm_auth_password(struct ssh *ssh, char *password)
{
Buffer m;
int authenticated = 0;
@@ -378,34 +378,38 @@ mm_auth_password(Authctxt *authctxt, char *password)
}
int
-mm_user_key_allowed(struct passwd *pw, struct sshkey *key,
- int pubkey_auth_attempt)
+mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
+ int pubkey_auth_attempt, struct sshauthopt **authoptp)
{
return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
- pubkey_auth_attempt));
+ pubkey_auth_attempt, authoptp));
}
int
mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
struct sshkey *key)
{
- return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
+ return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL));
}
int
mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
- struct sshkey *key, int pubkey_auth_attempt)
+ struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp)
{
Buffer m;
u_char *blob;
u_int len;
- int allowed = 0, have_forced = 0;
+ int r, allowed = 0;
+ struct sshauthopt *opts = NULL;
debug3("%s entering", __func__);
+ if (authoptp != NULL)
+ *authoptp = NULL;
+
/* Convert the key to a blob and the pass it over */
if (!key_to_blob(key, &blob, &len))
- return (0);
+ return 0;
buffer_init(&m);
buffer_put_int(&m, type);
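Review bot: The new `authoptp` out-parameter on `mm_key_allowed` and `mm_user_key_allowed` has no documented contract. In the visible lines it is cleared on entry, before the early `return 0` taken when `key_to_blob` fails, and the rest of the function (outside this hunk) hands the deserialised options to the caller. A short comment above `mm_key_allowed` would make the ownership explicit, e.g. `/* On return *authoptp is NULL or options the caller must release with sshauthopt_free(). */`. `mm_user_key_allowed` also accepts `ssh` and `pw` without using them in the lines shown; if they exist only to match another signature, a one-line comment saying so would help.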
@@ -418,18 +422,24 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd,
+ MONITOR_ANS_KEYALLOWED, &m);
allowed = buffer_get_int(&m);
-
- /* fake forced command */
- auth_clear_options();
- have_forced = buffer_get_int(&m);
- forced_command = have_forced ? xstrdup("true") : NULL;
-
+ if (allowed && type == MM_USERKEY) {
+ if ((r = sshauthopt_deserialise(&m, &opts)) != 0)
+ fatal("%s: sshauthopt_deserialise: %s",
+ __func__, ssh_err(r));
+ }
buffer_free(&m);
- return (allowed);
+ if (authoptp != NULL) {
+ *authoptp = opts;
+ opts = NULL;
+ }
+ sshauthopt_free(opts);
+
+ return allowed;
}
/*
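Review bot: When `type == MM_USERKEY` and `authoptp` is NULL, the options read by `sshauthopt_deserialise` are freed and the caller sees only `allowed`, so any key restrictions in the reply are silently dropped on this side. If no user-key caller is meant to pass NULL, state that at the top of the function, e.g. `/* authoptp may be NULL only for MM_HOSTKEY */`, or reject the combination up front. The removed code received only a `have_forced` flag, whereas the full option set now reaches the unprivileged process. What the monitor puts in that reply is not visible in this file, so it is worth confirming on the monitor side that nothing sensitive is sent before the signature is checked. Treating a deserialise failure as `fatal` is the right fail-closed choice.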