/* Clear context and callbacks */ void auth2_jpake_stop(Authctxt *authctxt) { /* unregister callbacks */ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL); dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL); dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL); if (authctxt->jpake_ctx != NULL) { jpake_free(authctxt->jpake_ctx); authctxt->jpake_ctx = NULL; } }
/* Clear context and callbacks */ void auth2_jpake_stop(struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; /* unregister callbacks */ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL); if (authctxt->jpake_ctx != NULL) { jpake_free(authctxt->jpake_ctx); authctxt->jpake_ctx = NULL; } }
void monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) { struct mon_table *ent; int authenticated = 0; debug3("preauth child monitor started"); authctxt = _authctxt; memset(authctxt, 0, sizeof(*authctxt)); if (compat20) { mon_dispatch = mon_dispatch_proto20; /* Permit requests for moduli and signatures */ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); } else { mon_dispatch = mon_dispatch_proto15; monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); } /* The first few requests do not require asynchronous access */ while (!authenticated) { auth_method = "unknown"; authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", __func__, ent->type); if (authctxt->pw->pw_uid == 0 && !auth_root_allowed(auth_method)) authenticated = 0; } if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { auth_log(authctxt, authenticated, auth_method, compat20 ? " ssh2" : ""); if (!authenticated) authctxt->failures++; } #ifdef JPAKE /* Cleanup JPAKE context after authentication */ if (ent->flags & MON_AUTHDECIDE) { if (authctxt->jpake_ctx != NULL) { jpake_free(authctxt->jpake_ctx); authctxt->jpake_ctx = NULL; } } #endif } if (!authctxt->valid) fatal("%s: authenticated invalid user", __func__); if (strcmp(auth_method, "unknown") == 0) fatal("%s: authentication method name unknown", __func__); debug("%s: %s has been authenticated by privileged process", __func__, authctxt->user); mm_get_keystate(pmonitor); }