input_userauth_request() vs. stateful authmethods

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Mon Apr 9 21:08:28 EST 2001


please try the sources from the CVS, these should be fixed.

On Mon, Apr 09, 2001 at 07:58:11PM +0900, Tom Holroyd wrote:
> The way things are now, input_userauth_request() calls the authmethod,
> and then does a bunch of checks, like the special case for root.  If
> an authmethod requires a challenge-response conversation, these checks are
> skipped, unless they are duplicated by the authmethod.  For example, in
> auth2-chall.c, some of the code is duplicated (logging, sending the
> reply), but the root special case is skipped.
> 
> One way to fix this, and make life easier for authmethods that require
> some state to be hauled around, is to take all the post-authmethod stuff
> currently in input_userauth_request(), and put it after the call to
> dispatch_run() in do_authentication2().  That would simplify that code
> (it's currently mostly conditional on 'authenticated') and ensure that
> the root & other tests get done all the time.  (You might want to leave
> the auth_log() call in there, so debug sessions keep the "Postponed"
> entries.)
> 
> Dr. Tom Holroyd
> "I am, as I said, inspired by the biological phenomena in which
> chemical forces are used in repetitious fashion to produce all
> kinds of weird effects (one of which is the author)."
> 	-- Richard Feynman, _There's Plenty of Room at the Bottom_
> 
> 



More information about the openssh-unix-dev mailing list