summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--auth.h10
-rw-r--r--auth2-chall.c31
-rw-r--r--auth2-gss.c43
-rw-r--r--auth2-hostbased.c6
-rw-r--r--auth2-kbdint.c6
-rw-r--r--auth2-none.c5
-rw-r--r--auth2-passwd.c5
-rw-r--r--auth2-pubkey.c6
-rw-r--r--auth2.c26
9 files changed, 70 insertions, 68 deletions
diff --git a/auth.h b/auth.h
index db80fd0c7..677935463 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.90 2017/05/30 08:52:19 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.91 2017/05/30 14:29:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -91,7 +91,7 @@ struct Authctxt {
struct Authmethod {
char *name;
- int (*userauth)(Authctxt *authctxt);
+ int (*userauth)(struct ssh *);
int *enabled;
};
@@ -155,7 +155,7 @@ void auth_info(Authctxt *authctxt, const char *, ...)
__attribute__((__nonnull__ (2)));
void auth_log(Authctxt *, int, int, const char *, const char *);
void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
-void userauth_finish(Authctxt *, int, const char *, const char *);
+void userauth_finish(struct ssh *, int, const char *, const char *);
int auth_root_allowed(const char *);
void userauth_send_banner(const char *);
@@ -168,8 +168,8 @@ int auth2_method_allowed(Authctxt *, const char *, const char *);
void privsep_challenge_enable(void);
-int auth2_challenge(Authctxt *, char *);
-void auth2_challenge_stop(Authctxt *);
+int auth2_challenge(struct ssh *, char *);
+void auth2_challenge_stop(struct ssh *);
int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
int bsdauth_respond(void *, u_int, char **);
int skey_query(void *, char **, char **, u_int *, char ***, u_int **);
diff --git a/auth2-chall.c b/auth2-chall.c
index 954eb4e18..11c8d31b3 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.47 2017/05/30 14:23:52 markus Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.48 2017/05/30 14:29:59 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -47,7 +47,7 @@
/* import */
extern ServerOptions options;
-static int auth2_challenge_start(Authctxt *);
+static int auth2_challenge_start(struct ssh *);
static int send_userauth_info_request(Authctxt *);
static int input_userauth_info_response(int, u_int32_t, struct ssh *);
@@ -195,8 +195,9 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
* wait for the response.
*/
int
-auth2_challenge(Authctxt *authctxt, char *devs)
+auth2_challenge(struct ssh *ssh, char *devs)
{
+ Authctxt *authctxt = ssh->authctxt;
debug("auth2_challenge: user=%s devs=%s",
authctxt->user ? authctxt->user : "<nouser>",
devs ? devs : "<no devs>");
@@ -205,15 +206,16 @@ auth2_challenge(Authctxt *authctxt, char *devs)
return 0;
if (authctxt->kbdintctxt == NULL)
authctxt->kbdintctxt = kbdint_alloc(devs);
- return auth2_challenge_start(authctxt);
+ return auth2_challenge_start(ssh);
}
/* unregister kbd-int callbacks and context */
void
-auth2_challenge_stop(Authctxt *authctxt)
+auth2_challenge_stop(struct ssh *ssh)
{
+ Authctxt *authctxt = ssh->authctxt;
/* unregister callback */
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
if (authctxt->kbdintctxt != NULL) {
kbdint_free(authctxt->kbdintctxt);
authctxt->kbdintctxt = NULL;
@@ -222,29 +224,30 @@ auth2_challenge_stop(Authctxt *authctxt)
/* side effect: sets authctxt->postponed if a reply was sent*/
static int
-auth2_challenge_start(Authctxt *authctxt)
+auth2_challenge_start(struct ssh *ssh)
{
+ Authctxt *authctxt = ssh->authctxt;
KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
debug2("auth2_challenge_start: devices %s",
kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
if (kbdint_next_device(authctxt, kbdintctxt) == 0) {
- auth2_challenge_stop(authctxt);
+ auth2_challenge_stop(ssh);
return 0;
}
debug("auth2_challenge_start: trying authentication method '%s'",
kbdintctxt->device->name);
if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
- auth2_challenge_stop(authctxt);
+ auth2_challenge_stop(ssh);
return 0;
}
if (send_userauth_info_request(authctxt) == 0) {
- auth2_challenge_stop(authctxt);
+ auth2_challenge_stop(ssh);
return 0;
}
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE,
&input_userauth_info_response);
authctxt->postponed = 1;
@@ -340,14 +343,14 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
devicename = kbdintctxt->device->name;
if (!authctxt->postponed) {
if (authenticated) {
- auth2_challenge_stop(authctxt);
+ auth2_challenge_stop(ssh);
} else {
/* start next device */
/* may set authctxt->postponed */
- auth2_challenge_start(authctxt);
+ auth2_challenge_start(ssh);
}
}
- userauth_finish(authctxt, authenticated, "keyboard-interactive",
+ userauth_finish(ssh, authenticated, "keyboard-interactive",
devicename);
return 0;
}
diff --git a/auth2-gss.c b/auth2-gss.c
index a762747d6..680d5e712 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.24 2017/05/30 14:23:52 markus Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.25 2017/05/30 14:29:59 markus Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -58,8 +58,9 @@ static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
* how to check local user kuserok and the like)
*/
static int
-userauth_gssapi(Authctxt *authctxt)
+userauth_gssapi(struct ssh *ssh)
{
+ Authctxt *authctxt = ssh->authctxt;
gss_OID_desc goid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
@@ -119,8 +120,8 @@ userauth_gssapi(Authctxt *authctxt)
packet_send();
free(doid);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
authctxt->postponed = 1;
return (0);
@@ -157,8 +158,8 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
packet_send();
}
authctxt->postponed = 0;
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- userauth_finish(authctxt, 0, "gssapi-with-mic", NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ userauth_finish(ssh, 0, "gssapi-with-mic", NULL);
} else {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
@@ -166,12 +167,12 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
packet_send();
}
if (maj_status == GSS_S_COMPLETE) {
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
if (flags & GSS_C_INTEG_FLAG)
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC,
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC,
&input_gssapi_mic);
else
- dispatch_set(
+ ssh_dispatch_set(ssh,
SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
&input_gssapi_exchange_complete);
}
@@ -207,8 +208,8 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
free(recv_tok.value);
/* We can't return anything to the client, even if we wanted to */
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
/* The client will have already moved on to the next auth */
@@ -241,11 +242,11 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
authctxt->postponed = 0;
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
- userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+ userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL);
return 0;
}
@@ -282,11 +283,11 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
free(mic.value);
authctxt->postponed = 0;
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
- userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+ userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL);
return 0;
}
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 728548396..63fe9ae65 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.29 2017/05/30 14:25:42 markus Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.30 2017/05/30 14:29:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -57,9 +57,9 @@ extern u_char *session_id2;
extern u_int session_id2_len;
static int
-userauth_hostbased(Authctxt *authctxt)
+userauth_hostbased(struct ssh *ssh)
{
- struct ssh *ssh = active_state; /* XXX */
+ Authctxt *authctxt = ssh->authctxt;
struct sshbuf *b;
struct sshkey *key = NULL;
char *pkalg, *cuser, *chost, *service;
diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index bf75c6059..86aad8ddc 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.7 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.8 2017/05/30 14:29:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -43,7 +43,7 @@
extern ServerOptions options;
static int
-userauth_kbdint(Authctxt *authctxt)
+userauth_kbdint(struct ssh *ssh)
{
int authenticated = 0;
char *lang, *devs;
@@ -55,7 +55,7 @@ userauth_kbdint(Authctxt *authctxt)
debug("keyboard-interactive devs %s", devs);
if (options.challenge_response_authentication)
- authenticated = auth2_challenge(authctxt, devs);
+ authenticated = auth2_challenge(ssh, devs);
free(devs);
free(lang);
diff --git a/auth2-none.c b/auth2-none.c
index da6e2dd12..35d25fa63 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.19 2017/05/30 14:27:22 markus Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.20 2017/05/30 14:29:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -60,9 +60,8 @@ extern ServerOptions options;
static int none_enabled = 1;
static int
-userauth_none(Authctxt *authctxt)
+userauth_none(struct ssh *ssh)
{
- struct ssh *ssh = active_state; /* XXX */
int r;
none_enabled = 0;
diff --git a/auth2-passwd.c b/auth2-passwd.c
index d36b0cba3..5f7ba3244 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.13 2017/05/30 14:26:49 markus Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.14 2017/05/30 14:29:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -48,9 +48,8 @@
extern ServerOptions options;
static int
-userauth_passwd(Authctxt *authctxt)
+userauth_passwd(struct ssh *ssh)
{
- struct ssh *ssh = active_state; /* XXX */
char *password;
int authenticated = 0, r;
u_char change;
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index a4a091113..7a6280f8d 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.64 2017/05/30 14:10:53 markus Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.65 2017/05/30 14:29:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -75,9 +75,9 @@ extern u_char *session_id2;
extern u_int session_id2_len;
static int
-userauth_pubkey(Authctxt *authctxt)
+userauth_pubkey(struct ssh *ssh)
{
- struct ssh *ssh = active_state; /* XXX */
+ Authctxt *authctxt = ssh->authctxt;
struct sshbuf *b;
struct sshkey *key = NULL;
char *pkalg, *userstyle = NULL, *fp = NULL;
diff --git a/auth2.c b/auth2.c
index cfbf9d250..08ea2a802 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.139 2017/05/30 14:23:52 markus Exp $ */
+/* $OpenBSD: auth2.c,v 1.140 2017/05/30 14:29:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -170,9 +170,9 @@ do_authentication2(Authctxt *authctxt)
{
struct ssh *ssh = active_state; /* XXX */
ssh->authctxt = authctxt; /* XXX move to caller */
- dispatch_init(&dispatch_protocol_error);
- dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
- dispatch_run(DISPATCH_BLOCK, &authctxt->success, ssh);
+ ssh_dispatch_init(ssh, &dispatch_protocol_error);
+ ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request);
+ ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt->success, ssh);
ssh->authctxt = NULL;
}
@@ -193,7 +193,7 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh)
if (!authctxt->success) {
acceptit = 1;
/* now we can handle user-auth requests */
- dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
}
}
/* XXX all other service requests are denied */
@@ -269,12 +269,12 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
authctxt->user, authctxt->service, user, service);
}
/* reset state */
- auth2_challenge_stop(authctxt);
+ auth2_challenge_stop(ssh);
#ifdef GSSAPI
/* XXX move to auth2_gssapi_stop() */
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
#endif
authctxt->postponed = 0;
@@ -284,9 +284,9 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
m = authmethod_lookup(authctxt, method);
if (m != NULL && authctxt->failures < options.max_authtries) {
debug2("input_userauth_request: try method %s", method);
- authenticated = m->userauth(authctxt);
+ authenticated = m->userauth(ssh);
}
- userauth_finish(authctxt, authenticated, method, NULL);
+ userauth_finish(ssh, authenticated, method, NULL);
free(service);
free(user);
@@ -295,10 +295,10 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
}
void
-userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
+userauth_finish(struct ssh *ssh, int authenticated, const char *method,
const char *submethod)
{
- struct ssh *ssh = active_state; /* XXX */
+ Authctxt *authctxt = ssh->authctxt;
char *methods;
int partial = 0;
@@ -354,7 +354,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
if (authenticated == 1) {
/* turn off userauth */
- dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
+ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
packet_start(SSH2_MSG_USERAUTH_SUCCESS);
packet_send();
packet_write_wait();