upstream: switch over to the new authorized_keys options API and

remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df

1 files changed, 10 insertions, 2 deletions

diff --git a/sshd.c b/sshd.c
index 0b9a7ec46..fd95b681b 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.505 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -119,6 +119,7 @@
 #endif
 #include "monitor_wrap.h"
 #include "ssh-sandbox.h"
+#include "auth-options.h"
 #include "version.h"
 #include "ssherr.h"
 
@@ -232,6 +233,9 @@ static int privsep_chroot = 1;
 /* global authentication context */
 Authctxt *the_authctxt = NULL;
 
+/* global key/cert auth options. XXX move to permanent ssh->authctxt? */
+struct sshauthopt *auth_opts = NULL;
+
 /* sshd_config buffer */
 Buffer cfg;
 
@@ -2066,6 +2070,10 @@ main(int ac, char **av)
         /* XXX global for cleanup, access from other modules */
         the_authctxt = authctxt;
 
+        /* Set default key authentication options */
+        if ((auth_opts = sshauthopt_new_with_keys_defaults()) == NULL)
+                fatal("allocation failed");
+
         /* prepare buffer to collect messages to display to user after login */
         buffer_init(&loginmsg);
         auth_debug_reset();
@@ -2122,7 +2130,7 @@ main(int ac, char **av)
 #ifdef USE_PAM
         if (options.use_pam) {
                 do_pam_setcred(1);
-                do_pam_session();
+                do_pam_session(ssh);
         }
 #endif