File 4901-ssh-Option-to-skip-initial-authentication.... of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 4901-ssh-Option-to-skip-initial-authentication.patch of Package erlang

From 8119b8c021c217b325d841b7ea0d8f156f389ce4 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Thu, 2 Jun 2022 18:52:13 +0200
Subject: [PATCH 1/3] ssh: Option to skip initial authentication

---
 lib/ssh/src/ssh_auth.erl                | 20 +++++++++++++++-----
 lib/ssh/src/ssh_fsm_userauth_server.erl | 13 +++++++++----
 lib/ssh/src/ssh_options.erl             |  6 ++++++
 3 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index abf9e0d18a..efd1bbbabd 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -272,11 +272,21 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
 handle_userauth_request(#ssh_msg_userauth_request{user = User,
 						  service = "ssh-connection",
 						  method = "none"}, _,
-			#ssh{userauth_supported_methods = Methods} = Ssh) ->
-    {not_authorized, {User, undefined},
-     {#ssh_msg_userauth_failure{authentications = Methods,
-                                partial_success = false}, Ssh}
-    };
+			#ssh{userauth_supported_methods = Methods,
+                             opts = Opts} = Ssh) ->
+    case ?GET_OPT(no_auth_needed, Opts) of
+        false ->
+            %% The normal case
+            {not_authorized, {User, undefined},
+             {#ssh_msg_userauth_failure{authentications = Methods,
+                                        partial_success = false}, Ssh}
+            };
+        true ->
+            %% RFC 4252  5.2
+	    {authorized, User,
+             {#ssh_msg_userauth_success{}, Ssh}
+            }
+    end;
 
 handle_userauth_request(#ssh_msg_userauth_request{user = User,
 						  service = "ssh-connection",
diff --git a/lib/ssh/src/ssh_fsm_userauth_server.erl b/lib/ssh/src/ssh_fsm_userauth_server.erl
index 77657b4d82..0d12cb43ec 100644
--- a/lib/ssh/src/ssh_fsm_userauth_server.erl
+++ b/lib/ssh/src/ssh_fsm_userauth_server.erl
@@ -64,10 +64,15 @@ handle_event(internal,
     case {ServiceName, Ssh0#ssh.service, Method} of
 	{"ssh-connection", "ssh-connection", "none"} ->
 	    %% Probably the very first userauth_request but we deny unauthorized login
-	    {not_authorized, _, {Reply,Ssh}} =
-		ssh_auth:handle_userauth_request(Msg, Ssh0#ssh.session_id, Ssh0),
-            D = ssh_connection_handler:send_msg(Reply, D0#data{ssh_params = Ssh}),
-	    {keep_state, D};
+            %% However, we *may* accept unauthorized login if instructed so
+            case ssh_auth:handle_userauth_request(Msg, Ssh0#ssh.session_id, Ssh0) of
+                {not_authorized, _, {Reply,Ssh}} ->
+                    D = ssh_connection_handler:send_msg(Reply, D0#data{ssh_params = Ssh}),
+                    {keep_state, D};
+                {authorized, User, {Reply, Ssh1}} ->
+                    D = connected_state(Reply, Ssh1, User, Method, D0),
+                    {next_state, {connected,server}, D, {change_callback_module,ssh_connection_handler}}
+            end;
 	
 	{"ssh-connection", "ssh-connection", Method} ->
 	    %% Userauth request with a method like "password" or so
diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl
index 2ea1f8c8bb..817bf2e4e2 100644
--- a/lib/ssh/src/ssh_options.erl
+++ b/lib/ssh/src/ssh_options.erl
@@ -477,6 +477,12 @@ default(server) ->
             class => user_option
            },
 
+      no_auth_needed =>
+          #{default => false,
+            chk => fun(V) -> erlang:is_boolean(V) end,
+            class => user_option
+           },
+
       pk_check_user =>
           #{default => false,
             chk => fun(V) -> erlang:is_boolean(V) end,
-- 
2.35.3

Places

File 4901-ssh-Option-to-skip-initial-authentication.patch of Package erlang

Places