Getting the authctxt
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Sat Nov 25 06:09:44 EST 2000
On Fri, Nov 24, 2000 at 06:19:58PM +0100, Florian Weimer wrote:
> My port forwarding changes require an authorization (authentication)
> context in channel_connect_to(). I'd like to change the dispatch_*
> functions so that they accept an Authctxt * instead of a void * (this
> parameter is already used this way).

void * should be replaced by a more general Context structure.
this will be necessary for the implementation of rekeying in SSH2.

moreover, i'd like to add a more general 'policy API' to ssh,
see example below. this should include not only port, but also
agent and X11 forwarding.

> In addition, I'd have to pass
> the authctxt all the way down to channel_connect_to(). As a side
> effect, it's possible to get rid of the global variable x_authctxt
> (which seems to be sort of a hack), because it's easy to provide the
> authctxt information in all places where auth_get_user() is currently
> called.

yes, this would be nice. i think that the Authctxt will be
passed to.
	do_authenticated(Authctxt *a);
	do_authenticated2(Authctxt *a);
or something similar. more integration is definitely needed
(e.g. usage of Authctxt for ssh1, too).

> In addition, server_loop() would be changed to accept a struct passwd *
> and build a fake authctxt for it, to be compatible with the v2 code
> path.
>
> Thoughts?

-markus
#ifndef _POLICY_H
#define _POLICY_H

/* defined in <pwd.h>; declared here so the policy_login() prototype is valid */
struct passwd;

/* ciphers in use on the transport, one per direction */
typedef struct {
	char *cipher_send;
	char *cipher_receive;
} transport_info_t;

/* login policy for a user, service and connection */
int policy_login(const char *user, const char *version, const char *service,
    const char *clienthost, const char *clientip,
    const char *serverhost, const char *serverip,
    transport_info_t *tinfo, char **allowed_auths,
    struct passwd **pw);

/* set up the policy for a user, auth method and connection */
void policy_init(const char *user, const char *version, const char *authmethod,
    const char *clienthost, const char *clientip,
    const char *serverhost, const char *serverip);

/* port forwarding: local, remote and X11 */
int policy_portforward_local(const char *dsthost, int dstport,
    const char *originhost, int originport);
int policy_portforward_remote(const char *listenhost, int listenport);
int policy_portforward_x11(int single, const char *proto);

/* agent forwarding */
int policy_forward_agent(void);

/* other requests, identified by type and up to two arguments */
int policy_cmd(const char *type, const char *arg1, const char *arg2);

#endif /* _POLICY_H */
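
An added example, not part of the original message and not OpenSSH code: one possible body for policy_portforward_local() from the header above, written as a default-deny destination allowlist. The return convention (1 permits, 0 denies), struct fwd_rule and the sample hosts are assumptions; the post does not define them.

```c
#include <stddef.h>
#include <strings.h>

/* Assumed convention (not stated in the post): 1 = permit, 0 = deny. */
#define POLICY_DENY	0
#define POLICY_PERMIT	1

/* Hypothetical rule type: one permitted forwarding destination. */
struct fwd_rule {
	const char *host;	/* hostname, compared case-insensitively */
	int port;		/* 1..65535, or 0 for any port on that host */
};

/* Constructed sample allowlist; a real one would come from configuration. */
static const struct fwd_rule fwd_allow[] = {
	{ "intranet.example.org", 443 },
	{ "db.example.org", 5432 },
	{ "localhost", 0 },
};

/*
 * Same prototype as in the posted policy.h.  Anything not matched by an
 * allowlist entry is denied, including malformed requests.
 */
int
policy_portforward_local(const char *dsthost, int dstport,
    const char *originhost, int originport)
{
	size_t i;

	/* The origin is reported by the peer, so it is not used to decide. */
	(void)originhost;
	(void)originport;

	if (dsthost == NULL || dstport < 1 || dstport > 65535)
		return POLICY_DENY;

	for (i = 0; i < sizeof(fwd_allow) / sizeof(fwd_allow[0]); i++) {
		if (strcasecmp(dsthost, fwd_allow[i].host) != 0)
			continue;
		if (fwd_allow[i].port == 0 || fwd_allow[i].port == dstport)
			return POLICY_PERMIT;
	}
	return POLICY_DENY;
}
```

A caller such as channel_connect_to() would ask this hook before opening the outbound connection and refuse the channel on a deny.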