author | djm@openbsd.org <djm@openbsd.org> | 2018-03-03 03:15:51 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-03-03 14:37:16 +1100 |
commit | 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 (patch) | |
tree | 48c837fc9c9e11d64862d4f54c1a886b54d8721c /sshd.c | |
parent | 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b (diff) |
upstream: switch over to the new authorized_keys options API and
remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.
feedback and ok markus@
OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 12 |
1 files changed, 10 insertions, 2 deletions
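--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.505 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -119,6 +119,7 @@
 #endif
 #include "monitor_wrap.h"
 #include "ssh-sandbox.h"
+#include "auth-options.h"
 #include "version.h"
 #include "ssherr.h"
 
@@ -232,6 +233,9 @@ static int privsep_chroot = 1;
 /* global authentication context */
 Authctxt *the_authctxt = NULL;
 
+/* global key/cert auth options. XXX move to permanent ssh->authctxt? */
+struct sshauthopt *auth_opts = NULL;
+
 /* sshd_config buffer */
 Buffer cfg;
 
@@ -2066,6 +2070,10 @@ main(int ac, char **av)
 /* XXX global for cleanup, access from other modules */
 the_authctxt = authctxt;
 
+/* Set default key authentication options */
+if ((auth_opts = sshauthopt_new_with_keys_defaults()) == NULL)
+fatal("allocation failed");
+
 /* prepare buffer to collect messages to display to user after login */
 buffer_init(&loginmsg);
 auth_debug_reset();
@@ -2122,7 +2130,7 @@ main(int ac, char **av)
 #ifdef USE_PAM
 if (options.use_pam) {
 do_pam_setcred(1);
-do_pam_session();
+do_pam_session(ssh);
 }
 #endif
 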
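Review bot: The new global `auth_opts` (hunk at old line 232) holds the key/certificate restrictions applied to the session, but its comment does not say what state the pointer is in at each stage or which code may replace it. The hunk in main() shows it is set to the keys defaults before authentication and is non-NULL from that point unless another module resets it; which module later swaps in the options of the accepted key is not visible in this file and should be confirmed and written down. A comment such as `/* Key/cert auth options for this session; set to defaults in main(), never NULL afterwards. XXX move to ssh->authctxt? */` would let the other modules that read the global rely on a stated invariant. The `fatal("allocation failed")` line could also name the failing call, e.g. `fatal("%s: sshauthopt_new_with_keys_defaults failed", __func__);`, so the log identifies where startup stopped. main() begins and ends outside these hunks.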