diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-02-11 09:44:42 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-02-11 20:48:16 +1100 |
commit | 5c68ea8da790d711e6dd5f4c30d089c54032c59a (patch) | |
tree | 954417129df7d64e39781ba826652b7988c1f48d | |
parent | a8c807f1956f81a92a758d3d0237d0ff06d0be5d (diff) |
upstream: cleanup GSSAPI authentication context after completion of the
authmethod. Move function-static GSSAPI state to the client Authctxt
structure. Make static a bunch of functions that aren't used outside this
file.
Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@
OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5
-rw-r--r-- | sshconnect2.c | 155 |
1 files changed, 88 insertions, 67 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 2aa7b9933..6d37e92f7 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.301 2019/01/21 10:38:54 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.302 2019/02/11 09:44:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -265,6 +265,11 @@ struct cauthctxt { | |||
265 | struct cauthmethod *method; | 265 | struct cauthmethod *method; |
266 | sig_atomic_t success; | 266 | sig_atomic_t success; |
267 | char *authlist; | 267 | char *authlist; |
268 | #ifdef GSSAPI | ||
269 | /* gssapi */ | ||
270 | gss_OID_set gss_supported_mechs; | ||
271 | u_int mech_tried; | ||
272 | #endif | ||
268 | /* pubkey */ | 273 | /* pubkey */ |
269 | struct idlist keys; | 274 | struct idlist keys; |
270 | int agent_fd; | 275 | int agent_fd; |
@@ -289,37 +294,36 @@ struct cauthmethod { | |||
289 | int *batch_flag; /* flag in option struct that disables method */ | 294 | int *batch_flag; /* flag in option struct that disables method */ |
290 | }; | 295 | }; |
291 | 296 | ||
292 | int input_userauth_service_accept(int, u_int32_t, struct ssh *); | 297 | static int input_userauth_service_accept(int, u_int32_t, struct ssh *); |
293 | int input_userauth_ext_info(int, u_int32_t, struct ssh *); | 298 | static int input_userauth_ext_info(int, u_int32_t, struct ssh *); |
294 | int input_userauth_success(int, u_int32_t, struct ssh *); | 299 | static int input_userauth_success(int, u_int32_t, struct ssh *); |
295 | int input_userauth_success_unexpected(int, u_int32_t, struct ssh *); | 300 | static int input_userauth_failure(int, u_int32_t, struct ssh *); |
296 | int input_userauth_failure(int, u_int32_t, struct ssh *); | 301 | static int input_userauth_banner(int, u_int32_t, struct ssh *); |
297 | int input_userauth_banner(int, u_int32_t, struct ssh *); | 302 | static int input_userauth_error(int, u_int32_t, struct ssh *); |
298 | int input_userauth_error(int, u_int32_t, struct ssh *); | 303 | static int input_userauth_info_req(int, u_int32_t, struct ssh *); |
299 | int input_userauth_info_req(int, u_int32_t, struct ssh *); | 304 | static int input_userauth_pk_ok(int, u_int32_t, struct ssh *); |
300 | int input_userauth_pk_ok(int, u_int32_t, struct ssh *); | 305 | static int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); |
301 | int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); | 306 | |
302 | 307 | static int userauth_none(struct ssh *); | |
303 | int userauth_none(struct ssh *); | 308 | static int userauth_pubkey(struct ssh *); |
304 | int userauth_pubkey(struct ssh *); | 309 | static void userauth_pubkey_cleanup(struct ssh *); |
305 | int userauth_passwd(struct ssh *); | 310 | static int userauth_passwd(struct ssh *); |
306 | int userauth_kbdint(struct ssh *); | 311 | static int userauth_kbdint(struct ssh *); |
307 | int userauth_hostbased(struct ssh *); | 312 | static int userauth_hostbased(struct ssh *); |
308 | 313 | ||
309 | #ifdef GSSAPI | 314 | #ifdef GSSAPI |
310 | int userauth_gssapi(struct ssh *); | 315 | static int userauth_gssapi(struct ssh *); |
311 | int input_gssapi_response(int type, u_int32_t, struct ssh *); | 316 | static void userauth_gssapi_cleanup(struct ssh *); |
312 | int input_gssapi_token(int type, u_int32_t, struct ssh *); | 317 | static int input_gssapi_response(int type, u_int32_t, struct ssh *); |
313 | int input_gssapi_hash(int type, u_int32_t, struct ssh *); | 318 | static int input_gssapi_token(int type, u_int32_t, struct ssh *); |
314 | int input_gssapi_error(int, u_int32_t, struct ssh *); | 319 | static int input_gssapi_error(int, u_int32_t, struct ssh *); |
315 | int input_gssapi_errtok(int, u_int32_t, struct ssh *); | 320 | static int input_gssapi_errtok(int, u_int32_t, struct ssh *); |
316 | #endif | 321 | #endif |
317 | 322 | ||
318 | void userauth(struct ssh *, char *); | 323 | void userauth(struct ssh *, char *); |
319 | 324 | ||
320 | static int sign_and_send_pubkey(struct ssh *ssh, Identity *); | 325 | static int sign_and_send_pubkey(struct ssh *ssh, Identity *); |
321 | static void pubkey_prepare(Authctxt *); | 326 | static void pubkey_prepare(Authctxt *); |
322 | static void pubkey_cleanup(Authctxt *); | ||
323 | static void pubkey_reset(Authctxt *); | 327 | static void pubkey_reset(Authctxt *); |
324 | static struct sshkey *load_identity_file(Identity *); | 328 | static struct sshkey *load_identity_file(Identity *); |
325 | 329 | ||
@@ -331,7 +335,7 @@ Authmethod authmethods[] = { | |||
331 | #ifdef GSSAPI | 335 | #ifdef GSSAPI |
332 | {"gssapi-with-mic", | 336 | {"gssapi-with-mic", |
333 | userauth_gssapi, | 337 | userauth_gssapi, |
334 | NULL, | 338 | userauth_gssapi_cleanup, |
335 | &options.gss_authentication, | 339 | &options.gss_authentication, |
336 | NULL}, | 340 | NULL}, |
337 | #endif | 341 | #endif |
@@ -342,7 +346,7 @@ Authmethod authmethods[] = { | |||
342 | NULL}, | 346 | NULL}, |
343 | {"publickey", | 347 | {"publickey", |
344 | userauth_pubkey, | 348 | userauth_pubkey, |
345 | NULL, | 349 | userauth_pubkey_cleanup, |
346 | &options.pubkey_authentication, | 350 | &options.pubkey_authentication, |
347 | NULL}, | 351 | NULL}, |
348 | {"keyboard-interactive", | 352 | {"keyboard-interactive", |
@@ -390,6 +394,10 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, | |||
390 | authctxt.info_req_seen = 0; | 394 | authctxt.info_req_seen = 0; |
391 | authctxt.attempt_kbdint = 0; | 395 | authctxt.attempt_kbdint = 0; |
392 | authctxt.attempt_passwd = 0; | 396 | authctxt.attempt_passwd = 0; |
397 | #if GSSAPI | ||
398 | authctxt.gss_supported_mechs = NULL; | ||
399 | authctxt.mech_tried = 0; | ||
400 | #endif | ||
393 | authctxt.agent_fd = -1; | 401 | authctxt.agent_fd = -1; |
394 | pubkey_prepare(&authctxt); | 402 | pubkey_prepare(&authctxt); |
395 | if (authctxt.method == NULL) { | 403 | if (authctxt.method == NULL) { |
@@ -409,7 +417,6 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, | |||
409 | ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ | 417 | ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ |
410 | ssh->authctxt = NULL; | 418 | ssh->authctxt = NULL; |
411 | 419 | ||
412 | pubkey_cleanup(&authctxt); | ||
413 | ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); | 420 | ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); |
414 | 421 | ||
415 | if (!authctxt.success) | 422 | if (!authctxt.success) |
@@ -418,7 +425,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, | |||
418 | } | 425 | } |
419 | 426 | ||
420 | /* ARGSUSED */ | 427 | /* ARGSUSED */ |
421 | int | 428 | static int |
422 | input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) | 429 | input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) |
423 | { | 430 | { |
424 | int r; | 431 | int r; |
@@ -450,7 +457,7 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) | |||
450 | } | 457 | } |
451 | 458 | ||
452 | /* ARGSUSED */ | 459 | /* ARGSUSED */ |
453 | int | 460 | static int |
454 | input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) | 461 | input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) |
455 | { | 462 | { |
456 | return kex_input_ext_info(type, seqnr, ssh); | 463 | return kex_input_ext_info(type, seqnr, ssh); |
@@ -495,7 +502,7 @@ userauth(struct ssh *ssh, char *authlist) | |||
495 | } | 502 | } |
496 | 503 | ||
497 | /* ARGSUSED */ | 504 | /* ARGSUSED */ |
498 | int | 505 | static int |
499 | input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) | 506 | input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) |
500 | { | 507 | { |
501 | fatal("%s: bad message during authentication: type %d", __func__, type); | 508 | fatal("%s: bad message during authentication: type %d", __func__, type); |
@@ -503,7 +510,7 @@ input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) | |||
503 | } | 510 | } |
504 | 511 | ||
505 | /* ARGSUSED */ | 512 | /* ARGSUSED */ |
506 | int | 513 | static int |
507 | input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) | 514 | input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) |
508 | { | 515 | { |
509 | char *msg = NULL; | 516 | char *msg = NULL; |
@@ -523,7 +530,7 @@ input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) | |||
523 | } | 530 | } |
524 | 531 | ||
525 | /* ARGSUSED */ | 532 | /* ARGSUSED */ |
526 | int | 533 | static int |
527 | input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) | 534 | input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) |
528 | { | 535 | { |
529 | Authctxt *authctxt = ssh->authctxt; | 536 | Authctxt *authctxt = ssh->authctxt; |
@@ -540,7 +547,8 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) | |||
540 | return 0; | 547 | return 0; |
541 | } | 548 | } |
542 | 549 | ||
543 | int | 550 | #if 0 |
551 | static int | ||
544 | input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) | 552 | input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) |
545 | { | 553 | { |
546 | Authctxt *authctxt = ssh->authctxt; | 554 | Authctxt *authctxt = ssh->authctxt; |
@@ -552,9 +560,10 @@ input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) | |||
552 | authctxt->method->name); | 560 | authctxt->method->name); |
553 | return 0; | 561 | return 0; |
554 | } | 562 | } |
563 | #endif | ||
555 | 564 | ||
556 | /* ARGSUSED */ | 565 | /* ARGSUSED */ |
557 | int | 566 | static int |
558 | input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) | 567 | input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) |
559 | { | 568 | { |
560 | Authctxt *authctxt = ssh->authctxt; | 569 | Authctxt *authctxt = ssh->authctxt; |
@@ -609,7 +618,7 @@ format_identity(Identity *id) | |||
609 | } | 618 | } |
610 | 619 | ||
611 | /* ARGSUSED */ | 620 | /* ARGSUSED */ |
612 | int | 621 | static int |
613 | input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | 622 | input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) |
614 | { | 623 | { |
615 | Authctxt *authctxt = ssh->authctxt; | 624 | Authctxt *authctxt = ssh->authctxt; |
@@ -680,35 +689,36 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | |||
680 | } | 689 | } |
681 | 690 | ||
682 | #ifdef GSSAPI | 691 | #ifdef GSSAPI |
683 | int | 692 | static int |
684 | userauth_gssapi(struct ssh *ssh) | 693 | userauth_gssapi(struct ssh *ssh) |
685 | { | 694 | { |
686 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | 695 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
687 | Gssctxt *gssctxt = NULL; | 696 | Gssctxt *gssctxt = NULL; |
688 | static gss_OID_set gss_supported = NULL; | ||
689 | static u_int mech = 0; | ||
690 | OM_uint32 min; | 697 | OM_uint32 min; |
691 | int r, ok = 0; | 698 | int r, ok = 0; |
699 | gss_OID mech = NULL; | ||
692 | 700 | ||
693 | /* Try one GSSAPI method at a time, rather than sending them all at | 701 | /* Try one GSSAPI method at a time, rather than sending them all at |
694 | * once. */ | 702 | * once. */ |
695 | 703 | ||
696 | if (gss_supported == NULL) | 704 | if (authctxt->gss_supported_mechs == NULL) |
697 | gss_indicate_mechs(&min, &gss_supported); | 705 | gss_indicate_mechs(&min, &authctxt->gss_supported_mechs); |
698 | 706 | ||
699 | /* Check to see if the mechanism is usable before we offer it */ | 707 | /* Check to see whether the mechanism is usable before we offer it */ |
700 | while (mech < gss_supported->count && !ok) { | 708 | while (authctxt->mech_tried < authctxt->gss_supported_mechs->count && |
709 | !ok) { | ||
710 | mech = &authctxt->gss_supported_mechs-> | ||
711 | elements[authctxt->mech_tried]; | ||
701 | /* My DER encoding requires length<128 */ | 712 | /* My DER encoding requires length<128 */ |
702 | if (gss_supported->elements[mech].length < 128 && | 713 | if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, |
703 | ssh_gssapi_check_mechanism(&gssctxt, | 714 | mech, authctxt->host)) { |
704 | &gss_supported->elements[mech], authctxt->host)) { | ||
705 | ok = 1; /* Mechanism works */ | 715 | ok = 1; /* Mechanism works */ |
706 | } else { | 716 | } else { |
707 | mech++; | 717 | authctxt->mech_tried++; |
708 | } | 718 | } |
709 | } | 719 | } |
710 | 720 | ||
711 | if (!ok) | 721 | if (!ok || mech == NULL) |
712 | return 0; | 722 | return 0; |
713 | 723 | ||
714 | authctxt->methoddata=(void *)gssctxt; | 724 | authctxt->methoddata=(void *)gssctxt; |
@@ -718,14 +728,10 @@ userauth_gssapi(struct ssh *ssh) | |||
718 | (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || | 728 | (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || |
719 | (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || | 729 | (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || |
720 | (r = sshpkt_put_u32(ssh, 1)) != 0 || | 730 | (r = sshpkt_put_u32(ssh, 1)) != 0 || |
721 | (r = sshpkt_put_u32(ssh, | 731 | (r = sshpkt_put_u32(ssh, (mech->length) + 2)) != 0 || |
722 | (gss_supported->elements[mech].length) + 2)) != 0 || | ||
723 | (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 || | 732 | (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 || |
724 | (r = sshpkt_put_u8(ssh, | 733 | (r = sshpkt_put_u8(ssh, mech->length)) != 0 || |
725 | gss_supported->elements[mech].length)) != 0 || | 734 | (r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 || |
726 | (r = sshpkt_put(ssh, | ||
727 | gss_supported->elements[mech].elements, | ||
728 | gss_supported->elements[mech].length)) != 0 || | ||
729 | (r = sshpkt_send(ssh)) != 0) | 735 | (r = sshpkt_send(ssh)) != 0) |
730 | fatal("%s: %s", __func__, ssh_err(r)); | 736 | fatal("%s: %s", __func__, ssh_err(r)); |
731 | 737 | ||
@@ -734,11 +740,24 @@ userauth_gssapi(struct ssh *ssh) | |||
734 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); | 740 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); |
735 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); | 741 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); |
736 | 742 | ||
737 | mech++; /* Move along to next candidate */ | 743 | authctxt->mech_tried++; /* Move along to next candidate */ |
738 | 744 | ||
739 | return 1; | 745 | return 1; |
740 | } | 746 | } |
741 | 747 | ||
748 | static void | ||
749 | userauth_gssapi_cleanup(struct ssh *ssh) | ||
750 | { | ||
751 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | ||
752 | Gssctxt *gssctxt = (Gssctxt *)authctxt->methoddata; | ||
753 | |||
754 | ssh_gssapi_delete_ctx(&gssctxt); | ||
755 | authctxt->methoddata = NULL; | ||
756 | |||
757 | free(authctxt->gss_supported_mechs); | ||
758 | authctxt->gss_supported_mechs = NULL; | ||
759 | } | ||
760 | |||
742 | static OM_uint32 | 761 | static OM_uint32 |
743 | process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) | 762 | process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) |
744 | { | 763 | { |
@@ -806,7 +825,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) | |||
806 | } | 825 | } |
807 | 826 | ||
808 | /* ARGSUSED */ | 827 | /* ARGSUSED */ |
809 | int | 828 | static int |
810 | input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) | 829 | input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) |
811 | { | 830 | { |
812 | Authctxt *authctxt = ssh->authctxt; | 831 | Authctxt *authctxt = ssh->authctxt; |
@@ -851,7 +870,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) | |||
851 | } | 870 | } |
852 | 871 | ||
853 | /* ARGSUSED */ | 872 | /* ARGSUSED */ |
854 | int | 873 | static int |
855 | input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) | 874 | input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) |
856 | { | 875 | { |
857 | Authctxt *authctxt = ssh->authctxt; | 876 | Authctxt *authctxt = ssh->authctxt; |
@@ -884,7 +903,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) | |||
884 | } | 903 | } |
885 | 904 | ||
886 | /* ARGSUSED */ | 905 | /* ARGSUSED */ |
887 | int | 906 | static int |
888 | input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) | 907 | input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) |
889 | { | 908 | { |
890 | Authctxt *authctxt = ssh->authctxt; | 909 | Authctxt *authctxt = ssh->authctxt; |
@@ -919,7 +938,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) | |||
919 | } | 938 | } |
920 | 939 | ||
921 | /* ARGSUSED */ | 940 | /* ARGSUSED */ |
922 | int | 941 | static int |
923 | input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) | 942 | input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) |
924 | { | 943 | { |
925 | char *msg = NULL; | 944 | char *msg = NULL; |
@@ -940,7 +959,7 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) | |||
940 | } | 959 | } |
941 | #endif /* GSSAPI */ | 960 | #endif /* GSSAPI */ |
942 | 961 | ||
943 | int | 962 | static int |
944 | userauth_none(struct ssh *ssh) | 963 | userauth_none(struct ssh *ssh) |
945 | { | 964 | { |
946 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | 965 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
@@ -956,7 +975,7 @@ userauth_none(struct ssh *ssh) | |||
956 | return 1; | 975 | return 1; |
957 | } | 976 | } |
958 | 977 | ||
959 | int | 978 | static int |
960 | userauth_passwd(struct ssh *ssh) | 979 | userauth_passwd(struct ssh *ssh) |
961 | { | 980 | { |
962 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | 981 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
@@ -997,7 +1016,7 @@ userauth_passwd(struct ssh *ssh) | |||
997 | * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST | 1016 | * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST |
998 | */ | 1017 | */ |
999 | /* ARGSUSED */ | 1018 | /* ARGSUSED */ |
1000 | int | 1019 | static int |
1001 | input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) | 1020 | input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) |
1002 | { | 1021 | { |
1003 | Authctxt *authctxt = ssh->authctxt; | 1022 | Authctxt *authctxt = ssh->authctxt; |
@@ -1619,8 +1638,10 @@ pubkey_prepare(Authctxt *authctxt) | |||
1619 | } | 1638 | } |
1620 | 1639 | ||
1621 | static void | 1640 | static void |
1622 | pubkey_cleanup(Authctxt *authctxt) | 1641 | userauth_pubkey_cleanup(struct ssh *ssh) |
1623 | { | 1642 | { |
1643 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | ||
1644 | |||
1624 | Identity *id; | 1645 | Identity *id; |
1625 | 1646 | ||
1626 | if (authctxt->agent_fd != -1) { | 1647 | if (authctxt->agent_fd != -1) { |
@@ -1659,7 +1680,7 @@ try_identity(Identity *id) | |||
1659 | return 1; | 1680 | return 1; |
1660 | } | 1681 | } |
1661 | 1682 | ||
1662 | int | 1683 | static int |
1663 | userauth_pubkey(struct ssh *ssh) | 1684 | userauth_pubkey(struct ssh *ssh) |
1664 | { | 1685 | { |
1665 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | 1686 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
@@ -1707,7 +1728,7 @@ userauth_pubkey(struct ssh *ssh) | |||
1707 | /* | 1728 | /* |
1708 | * Send userauth request message specifying keyboard-interactive method. | 1729 | * Send userauth request message specifying keyboard-interactive method. |
1709 | */ | 1730 | */ |
1710 | int | 1731 | static int |
1711 | userauth_kbdint(struct ssh *ssh) | 1732 | userauth_kbdint(struct ssh *ssh) |
1712 | { | 1733 | { |
1713 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | 1734 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
@@ -1740,7 +1761,7 @@ userauth_kbdint(struct ssh *ssh) | |||
1740 | /* | 1761 | /* |
1741 | * parse INFO_REQUEST, prompt user and send INFO_RESPONSE | 1762 | * parse INFO_REQUEST, prompt user and send INFO_RESPONSE |
1742 | */ | 1763 | */ |
1743 | int | 1764 | static int |
1744 | input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) | 1765 | input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) |
1745 | { | 1766 | { |
1746 | Authctxt *authctxt = ssh->authctxt; | 1767 | Authctxt *authctxt = ssh->authctxt; |
@@ -1920,7 +1941,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, | |||
1920 | return 0; | 1941 | return 0; |
1921 | } | 1942 | } |
1922 | 1943 | ||
1923 | int | 1944 | static int |
1924 | userauth_hostbased(struct ssh *ssh) | 1945 | userauth_hostbased(struct ssh *ssh) |
1925 | { | 1946 | { |
1926 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | 1947 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |