summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--auth.h5
-rw-r--r--auth2-gss.c5
-rw-r--r--auth2-hostbased.c7
-rw-r--r--auth2-kbdint.c5
-rw-r--r--auth2-none.c5
-rw-r--r--auth2-passwd.c5
-rw-r--r--auth2-pubkey.c7
-rw-r--r--auth2.c28
8 files changed, 42 insertions, 25 deletions
diff --git a/auth.h b/auth.h
index 43c7d3d40..a65d8fd02 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.101 2020/12/22 00:12:22 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.102 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -104,7 +104,8 @@ struct Authctxt {
struct Authmethod {
char *name;
- int (*userauth)(struct ssh *);
+ char *synonym;
+ int (*userauth)(struct ssh *, const char *);
int *enabled;
};
diff --git a/auth2-gss.c b/auth2-gss.c
index 60e36961c..2062609d9 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.32 2021/01/27 10:15:08 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.33 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -60,7 +60,7 @@ static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
* how to check local user kuserok and the like)
*/
static int
-userauth_gssapi(struct ssh *ssh)
+userauth_gssapi(struct ssh *ssh, const char *method)
{
Authctxt *authctxt = ssh->authctxt;
gss_OID_desc goid = {0, NULL};
@@ -329,6 +329,7 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
Authmethod method_gssapi = {
"gssapi-with-mic",
+ NULL,
userauth_gssapi,
&options.gss_authentication
};
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 3a29126c3..10f9ea14f 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.47 2021/07/23 03:37:52 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.48 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -57,7 +57,7 @@
extern ServerOptions options;
static int
-userauth_hostbased(struct ssh *ssh)
+userauth_hostbased(struct ssh *ssh, const char *method)
{
Authctxt *authctxt = ssh->authctxt;
struct sshbuf *b;
@@ -132,7 +132,7 @@ userauth_hostbased(struct ssh *ssh)
(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
- (r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
+ (r = sshbuf_put_cstring(b, method)) != 0 ||
(r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
(r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
(r = sshbuf_put_cstring(b, chost)) != 0 ||
@@ -255,6 +255,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
Authmethod method_hostbased = {
"hostbased",
+ NULL,
userauth_hostbased,
&options.hostbased_authentication
};
diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index 037139d44..ae7eca3b8 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.13 2021/07/02 05:11:20 dtucker Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.14 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -44,7 +44,7 @@
extern ServerOptions options;
static int
-userauth_kbdint(struct ssh *ssh)
+userauth_kbdint(struct ssh *ssh, const char *method)
{
int r, authenticated = 0;
char *lang, *devs;
@@ -66,6 +66,7 @@ userauth_kbdint(struct ssh *ssh)
Authmethod method_kbdint = {
"keyboard-interactive",
+ NULL,
userauth_kbdint,
&options.kbd_interactive_authentication
};
diff --git a/auth2-none.c b/auth2-none.c
index 02d6e341c..d9f97223c 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.23 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.24 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -59,7 +59,7 @@ extern ServerOptions options;
static int none_enabled = 1;
static int
-userauth_none(struct ssh *ssh)
+userauth_none(struct ssh *ssh, const char *method)
{
int r;
@@ -73,6 +73,7 @@ userauth_none(struct ssh *ssh)
Authmethod method_none = {
"none",
+ NULL,
userauth_none,
&none_enabled
};
diff --git a/auth2-passwd.c b/auth2-passwd.c
index be4b8606a..f8a6dbc19 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.19 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.20 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -49,7 +49,7 @@
extern ServerOptions options;
static int
-userauth_passwd(struct ssh *ssh)
+userauth_passwd(struct ssh *ssh, const char *method)
{
char *password;
int authenticated = 0, r;
@@ -72,6 +72,7 @@ userauth_passwd(struct ssh *ssh)
Authmethod method_passwd = {
"password",
+ NULL,
userauth_passwd,
&options.password_authentication
};
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 2adbf5902..ed3e74c3f 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.110 2021/09/29 01:33:32 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.111 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -86,7 +86,7 @@ format_key(const struct sshkey *key)
}
static int
-userauth_pubkey(struct ssh *ssh)
+userauth_pubkey(struct ssh *ssh, const char *method)
{
Authctxt *authctxt = ssh->authctxt;
struct passwd *pw = authctxt->pw;
@@ -192,7 +192,7 @@ userauth_pubkey(struct ssh *ssh)
if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_put_cstring(b, userstyle)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
- (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
+ (r = sshbuf_put_cstring(b, method)) != 0 ||
(r = sshbuf_put_u8(b, have_sig)) != 0 ||
(r = sshbuf_put_cstring(b, pkalg)) != 0 ||
(r = sshbuf_put_string(b, pkblob, blen)) != 0)
@@ -1067,6 +1067,7 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
Authmethod method_pubkey = {
"publickey",
+ NULL,
userauth_pubkey,
&options.pubkey_authentication
};
diff --git a/auth2.c b/auth2.c
index 84d0ed16e..bcc61196f 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.161 2021/04/03 06:18:40 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.162 2021/12/19 22:12:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -331,7 +331,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
m = authmethod_lookup(authctxt, method);
if (m != NULL && authctxt->failures < options.max_authtries) {
debug2("input_userauth_request: try method %s", method);
- authenticated = m->userauth(ssh);
+ authenticated = m->userauth(ssh, method);
}
if (!authctxt->authenticated)
ensure_minimum_time_since(tstart,
@@ -346,18 +346,26 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
}
void
-userauth_finish(struct ssh *ssh, int authenticated, const char *method,
+userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method,
const char *submethod)
{
Authctxt *authctxt = ssh->authctxt;
+ Authmethod *m = NULL;
+ const char *method = packet_method;
char *methods;
int r, partial = 0;
- if (!authctxt->valid && authenticated)
- fatal("INTERNAL ERROR: authenticated invalid user %s",
- authctxt->user);
- if (authenticated && authctxt->postponed)
- fatal("INTERNAL ERROR: authenticated and postponed");
+ if (authenticated) {
+ if (!authctxt->valid) {
+ fatal("INTERNAL ERROR: authenticated invalid user %s",
+ authctxt->user);
+ }
+ if (authctxt->postponed)
+ fatal("INTERNAL ERROR: authenticated and postponed");
+ if ((m = authmethod_lookup(authctxt, method)) == NULL)
+ fatal("INTERNAL ERROR: bad method %s", method);
+ method = m->name; /* prefer primary name to possible synonym */
+ }
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
@@ -504,7 +512,9 @@ authmethod_lookup(Authctxt *authctxt, const char *name)
for (i = 0; authmethods[i] != NULL; i++)
if (authmethods[i]->enabled != NULL &&
*(authmethods[i]->enabled) != 0 &&
- strcmp(name, authmethods[i]->name) == 0 &&
+ (strcmp(name, authmethods[i]->name) == 0 ||
+ (authmethods[i]->synonym != NULL &&
+ strcmp(name, authmethods[i]->synonym) == 0)) &&
auth2_method_allowed(authctxt,
authmethods[i]->name, NULL))
return authmethods[i];