author | Damien Miller <djm@cvs.openbsd.org> | 2024-05-17 00:30:25 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2024-05-17 00:30:25 +0000 |
commit | 2c87a6032f7ec6066283b7550d947561a47cac6c (patch) | |
tree | cf440344524115f50b312535e60a4f2bdfc52ac8 /usr.bin/ssh/auth2-hostbased.c | |
parent | 047b0d2e6070784d0516688b40c02107e6eb1451 (diff) |
Start the process of splitting sshd into separate binaries. This step
splits sshd into a listener and a session binary. More splits are
planned.
After this change, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.
This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.
feedback/ok markus@ deraadt@
NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.
Diffstat (limited to 'usr.bin/ssh/auth2-hostbased.c')
-rw-r--r-- | usr.bin/ssh/auth2-hostbased.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c
index 644d7bea89d..e2214175246 100644
--- a/usr.bin/ssh/auth2-hostbased.c
+++ b/usr.bin/ssh/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.52 2023/03/05 05:34:09 dtucker Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.53 2024/05/17 00:30:23 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -53,6 +53,7 @@
 /* import */
 extern ServerOptions options;
+extern struct authmethod_cfg methodcfg_hostbased;
 static int
 userauth_hostbased(struct ssh *ssh, const char *method)
@@ -144,10 +145,10 @@ userauth_hostbased(struct ssh *ssh, const char *method)
 /* test for allowed key and correct signature */
 authenticated = 0;
- if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser,
- chost, key)) &&
- PRIVSEP(sshkey_verify(key, sig, slen,
- sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL)) == 0)
+ if (mm_hostbased_key_allowed(ssh, authctxt->pw, cuser,
+ chost, key) &&
+ mm_sshkey_verify(key, sig, slen,
+ sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL) == 0)
 authenticated = 1;
 auth2_record_key(authctxt, authenticated, key);
@@ -251,8 +252,6 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
 }
 Authmethod method_hostbased = {
- "hostbased",
- NULL,
+ &methodcfg_hostbased,
 userauth_hostbased,
- &options.hostbased_authentication
 }; |
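Review bot: The added `extern struct authmethod_cfg methodcfg_hostbased;` is a hand-written declaration in the .c file, so the compiler cannot check it against the definition, which is not part of this diff. It follows the existing `extern ServerOptions options;` line under `/* import */`, but a mismatch between the two would go unnoticed at build time. Declaring the object in the header that defines `struct authmethod_cfg` would let the compiler catch any drift between declaration and definition.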
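Review bot: The rewritten condition mixes two success conventions with nothing at the call site to say so: `mm_hostbased_key_allowed(...)` is tested for truthiness while `mm_sshkey_verify(...)` must compare `== 0`. With the `PRIVSEP()` wrapper removed, the `mm_` prefix is the only hint that both decisions are (presumably) forwarded to the monitor. A short comment above the `if`, for example `/* both checks go through the mm_ wrappers; key_allowed is non-zero on success, verify is 0 on success */`, would make an inverted test easier to spot in later edits. The file still defines `hostbased_key_allowed` (named in the following hunk header), which is presumably now reached only through that wrapper; a line on its definition saying so would help. The body of `userauth_hostbased` starts and ends outside this hunk.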
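Review bot: The initializer no longer shows what gates this method: `&options.hostbased_authentication` and the `"hostbased"` name are dropped from `method_hostbased` and replaced by `&methodcfg_hostbased`, whose definition is outside this diff. Anyone auditing whether the method still honours its configuration option now has to look elsewhere, so a comment on the entry such as `/* name and enabled flag live in methodcfg_hostbased */` would help (wording to be confirmed against the actual definition). The initializer is also positional in a struct whose layout changes in this commit; designated initializers would make the field mapping explicit.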