input_userauth_request() vs. stateful authmethods
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Mon Apr 9 21:08:28 EST 2001
Please try the sources from the CVS; these should be fixed.
On Mon, Apr 09, 2001 at 07:58:11PM +0900, Tom Holroyd wrote:
> The way things are now, input_userauth_request() calls the authmethod,
> and then does a bunch of checks, like the special case for root. If
> an authmethod requires a challenge-response conversation, these checks are
> skipped, unless they are duplicated by the authmethod. For example, in
> auth2-chall.c, some of the code is duplicated (logging, sending the
> reply), but the root special case is skipped.
>
> One way to fix this, and make life easier for authmethods that require
> some state to be hauled around, is to take all the post-authmethod stuff
> currently in input_userauth_request(), and put it after the call to
> dispatch_run() in do_authentication2(). That would simplify that code
> (it's currently mostly conditional on 'authenticated') and ensure that
> the root & other tests get done all the time. (You might want to leave
> the auth_log() call in there, so debug sessions keep the "Postponed"
> entries.)
>
> Dr. Tom Holroyd
> "I am, as I said, inspired by the biological phenomena in which
> chemical forces are used in repetitious fashion to produce all
> kinds of weird effects (one of which is the author)."
> -- Richard Feynman, _There's Plenty of Room at the Bottom_
>
>
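The structure discussed in this thread, as a simplified model added here for illustration (not OpenSSH source and not code from either poster). All names, the `root_allowed` policy flag and the response string are hypothetical. It contrasts a challenge-response method that completes on its own with one whose verdict passes through a single shared check.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; not OpenSSH source. */
struct authctxt {
    const char *user;
    int root_allowed;   /* policy: may root authenticate at all? */
    int postponed;      /* a method is waiting for the client's response */
    int success;
};

/* The post-method checks, kept in exactly one place. */
static int post_auth_checks(struct authctxt *a, int authenticated)
{
    if (authenticated && strcmp(a->user, "root") == 0 && !a->root_allowed)
        return 0;       /* the root special case */
    return authenticated;
}

/* Step 1 of a stateful method: challenge sent, verdict postponed. */
static void chall_start(struct authctxt *a) { a->postponed = 1; }

/* Step 2; "checked" selects the proposed structure, where the method only
 * reports a verdict and the shared completion path applies the checks.
 * With checked == 0 the method finishes alone, as the post describes. */
static void chall_reply(struct authctxt *a, const char *resp, int checked)
{
    int ok = strcmp(resp, "constructed-response") == 0;
    a->postponed = 0;
    a->success = checked ? post_auth_checks(a, ok) : ok;
}

/* One constructed login with root logins disallowed; returns the verdict. */
static int run_login(const char *user, int checked)
{
    struct authctxt a = { user, 0, 0, 0 };
    chall_start(&a);
    chall_reply(&a, "constructed-response", checked);
    return a.success;
}

int main(void)
{
    printf("root, checks skipped: %d\n", run_login("root", 0));
    printf("root, checks applied: %d\n", run_login("root", 1));
    return 0;
}
```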