[openssh-commits] [openssh] 02/02: upstream: split method list search functionality from
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Dec 27 10:40:31 AEDT 2021
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 6b977f8080a32c5b3cbb9edb634b9d5789fb79be
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Dec 26 23:34:41 2021 +0000
upstream: split method list search functionality from
authmethod_lookup() into a separate authmethod_byname(), for cases where we
don't need to check whether a method is enabled, etc.
use this to fix the "none" authentication method regression reported
by Nam Nguyen via bugs@
ok deraadt@
OpenBSD-Commit-ID: 8cd188dc3a83aa8abe5b7693e762975cd8ea8a17
---
auth2.c | 51 +++++++++++++++++++++++++++++++++++----------------
1 file changed, 35 insertions(+), 16 deletions(-)
diff --git a/auth2.c b/auth2.c
index bcc61196..6ae27bd4 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.162 2021/12/19 22:12:07 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.163 2021/12/26 23:34:41 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -92,6 +92,7 @@ static int input_service_request(int, u_int32_t, struct ssh *);
static int input_userauth_request(int, u_int32_t, struct ssh *);
/* helper */
+static Authmethod *authmethod_byname(const char *);
static Authmethod *authmethod_lookup(Authctxt *, const char *);
static char *authmethods_get(Authctxt *authctxt);
@@ -362,9 +363,10 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method,
}
if (authctxt->postponed)
fatal("INTERNAL ERROR: authenticated and postponed");
- if ((m = authmethod_lookup(authctxt, method)) == NULL)
+ /* prefer primary authmethod name to possible synonym */
+ if ((m = authmethod_byname(method)) == NULL)
fatal("INTERNAL ERROR: bad method %s", method);
- method = m->name; /* prefer primary name to possible synonym */
+ method = m->name;
}
/* Special handling for root */
@@ -504,25 +506,42 @@ authmethods_get(Authctxt *authctxt)
}
static Authmethod *
-authmethod_lookup(Authctxt *authctxt, const char *name)
+authmethod_byname(const char *name)
{
int i;
- if (name != NULL)
- for (i = 0; authmethods[i] != NULL; i++)
- if (authmethods[i]->enabled != NULL &&
- *(authmethods[i]->enabled) != 0 &&
- (strcmp(name, authmethods[i]->name) == 0 ||
- (authmethods[i]->synonym != NULL &&
- strcmp(name, authmethods[i]->synonym) == 0)) &&
- auth2_method_allowed(authctxt,
- authmethods[i]->name, NULL))
- return authmethods[i];
- debug2("Unrecognized authentication method name: %s",
- name ? name : "NULL");
+ if (name == NULL)
+ fatal_f("NULL authentication method name");
+ for (i = 0; authmethods[i] != NULL; i++) {
+ if (strcmp(name, authmethods[i]->name) == 0 ||
+ (authmethods[i]->synonym != NULL &&
+ strcmp(name, authmethods[i]->synonym) == 0))
+ return authmethods[i];
+ }
+ debug_f("unrecognized authentication method name: %s", name);
return NULL;
}
+static Authmethod *
+authmethod_lookup(Authctxt *authctxt, const char *name)
+{
+ Authmethod *method;
+
+ if ((method = authmethod_byname(name)) == NULL)
+ return NULL;
+
+ if (method->enabled == NULL || *(method->enabled) == 0) {
+ debug3_f("method %s not enabled", name);
+ return NULL;
+ }
+ if (!auth2_method_allowed(authctxt, method->name, NULL)) {
+ debug3_f("method %s not allowed "
+ "by AuthenticationMethods", name);
+ return NULL;
+ }
+ return method;
+}
+
/*
* Check a comma-separated list of methods for validity. Is need_enable is
* non-zero, then also require that the methods are enabled.
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list