Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:24
erlang
4901-ssh-Option-to-skip-initial-authentication....
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 4901-ssh-Option-to-skip-initial-authentication.patch of Package erlang
From 8119b8c021c217b325d841b7ea0d8f156f389ce4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson <hans@erlang.org> Date: Thu, 2 Jun 2022 18:52:13 +0200 Subject: [PATCH 1/3] ssh: Option to skip initial authentication --- lib/ssh/src/ssh_auth.erl | 20 +++++++++++++++----- lib/ssh/src/ssh_fsm_userauth_server.erl | 13 +++++++++---- lib/ssh/src/ssh_options.erl | 6 ++++++ 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index abf9e0d18a..efd1bbbabd 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -272,11 +272,21 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", method = "none"}, _, - #ssh{userauth_supported_methods = Methods} = Ssh) -> - {not_authorized, {User, undefined}, - {#ssh_msg_userauth_failure{authentications = Methods, - partial_success = false}, Ssh} - }; + #ssh{userauth_supported_methods = Methods, + opts = Opts} = Ssh) -> + case ?GET_OPT(no_auth_needed, Opts) of + false -> + %% The normal case + {not_authorized, {User, undefined}, + {#ssh_msg_userauth_failure{authentications = Methods, + partial_success = false}, Ssh} + }; + true -> + %% RFC 4252 5.2 + {authorized, User, + {#ssh_msg_userauth_success{}, Ssh} + } + end; handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", diff --git a/lib/ssh/src/ssh_fsm_userauth_server.erl b/lib/ssh/src/ssh_fsm_userauth_server.erl index 77657b4d82..0d12cb43ec 100644 --- a/lib/ssh/src/ssh_fsm_userauth_server.erl +++ b/lib/ssh/src/ssh_fsm_userauth_server.erl @@ -64,10 +64,15 @@ handle_event(internal, case {ServiceName, Ssh0#ssh.service, Method} of {"ssh-connection", "ssh-connection", "none"} -> %% Probably the very first userauth_request but we deny unauthorized login - {not_authorized, _, {Reply,Ssh}} = - ssh_auth:handle_userauth_request(Msg, Ssh0#ssh.session_id, Ssh0), - D = ssh_connection_handler:send_msg(Reply, D0#data{ssh_params = Ssh}), - {keep_state, D}; + %% However, we *may* accept unauthorized login if instructed so + case ssh_auth:handle_userauth_request(Msg, Ssh0#ssh.session_id, Ssh0) of + {not_authorized, _, {Reply,Ssh}} -> + D = ssh_connection_handler:send_msg(Reply, D0#data{ssh_params = Ssh}), + {keep_state, D}; + {authorized, User, {Reply, Ssh1}} -> + D = connected_state(Reply, Ssh1, User, Method, D0), + {next_state, {connected,server}, D, {change_callback_module,ssh_connection_handler}} + end; {"ssh-connection", "ssh-connection", Method} -> %% Userauth request with a method like "password" or so diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl index 2ea1f8c8bb..817bf2e4e2 100644 --- a/lib/ssh/src/ssh_options.erl +++ b/lib/ssh/src/ssh_options.erl @@ -477,6 +477,12 @@ default(server) -> class => user_option }, + no_auth_needed => + #{default => false, + chk => fun(V) -> erlang:is_boolean(V) end, + class => user_option + }, + pk_check_user => #{default => false, chk => fun(V) -> erlang:is_boolean(V) end, -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor