diff --git a/async/examples/con1.rs b/async/examples/con1.rs
index 264eb1d34bf1698c65cd67e20c2ebdd2942988e8..c973e24d62dda393378eaeb0371dfd60c260b45c 100644
--- a/async/examples/con1.rs
+++ b/async/examples/con1.rs
@@ -161,14 +161,14 @@ async fn run(args: &Args) -> Result<()> {
let ev = door.progress(|ev| {
trace!("progress event {ev:?}");
let e = match ev {
- Event::Authenticated => Some(Event::Authenticated),
+ Event::CliAuthed => Some(Event::CliAuthed),
_ => None,
};
Ok(e)
}).await.context("progress loop")?;
match ev {
- Some(Event::Authenticated) => {
+ Some(Event::CliAuthed) => {
let mut raw_pty_guard = None;
info!("Opening a new session channel");
let (cmd, pty) = if args.cmd.is_empty() {
diff --git a/sshproto/src/async_behaviour.rs b/sshproto/src/async_behaviour.rs
index 558b98fecf2b75a694f7acaada836668f9b153fa..a180584f176495d052193f0eb94e60bc25638378 100644
--- a/sshproto/src/async_behaviour.rs
+++ b/sshproto/src/async_behaviour.rs
@@ -101,4 +101,25 @@ pub trait AsyncCliBehaviour: Sync+Send {
#[async_trait]
pub trait AsyncServBehaviour: Sync+Send {
async fn hostkeys(&self) -> BhResult<&[&sign::SignKey]>;
+
+ // TODO: or return a slice of enums
+ async fn have_auth_password(&self, username: &str) -> bool;
+ async fn have_auth_pubkey(&self, username: &str) -> bool;
+
+
+ #[allow(unused)]
+ // TODO: change password
+ async fn auth_password(&self, username: &str, password: &str) -> bool {
+ false
+ }
+
+ /// Returns true if the pubkey can be used to log in.
+ /// TODO: allow returning pubkey restriction options
+ #[allow(unused)]
+ async fn auth_pubkey(&self, username: &str, pubkey: &sign::SignKey) -> bool {
+ false
+ }
+
+ /// Returns whether a session can be opened
+ async fn open_session(&self) -> bool;
}
diff --git a/sshproto/src/auth.rs b/sshproto/src/auth.rs
index b48a9076b309d476e5064bc85d4ca22a578f1b22..03e2dd91f2ddac5fe8537d670e1ee8811f621c94 100644
--- a/sshproto/src/auth.rs
+++ b/sshproto/src/auth.rs
@@ -31,3 +31,9 @@ pub(crate) struct AuthSigMsg<'a> {
pub u: packets::UserauthRequest<'a>,
}
+#[derive(Clone, Debug)]
+pub enum AuthType {
+ Password,
+ PubKey,
+}
+
diff --git a/sshproto/src/block_behaviour.rs b/sshproto/src/block_behaviour.rs
index b63ab13b0517455a007fbec66bdad156ffc75df6..945db7fe2fbf52ac42096264772b59d813ecd165 100644
--- a/sshproto/src/block_behaviour.rs
+++ b/sshproto/src/block_behaviour.rs
@@ -87,4 +87,10 @@ pub trait BlockCliBehaviour {
pub trait BlockServBehaviour {
fn hostkeys(&self) -> BhResult<&[&sign::SignKey]>;
+
+ // fn authmethods(&self) -> [AuthMethod];
+
+ fn auth_password(&self, user: &str, password: &str) -> bool;
+
+
}
diff --git a/sshproto/src/cliauth.rs b/sshproto/src/cliauth.rs
index 47900889dda36deb50e0ac45ef5bbcd800bbcdd4..2a05c393095b93a63616b463e415e92d52f62a71 100644
--- a/sshproto/src/cliauth.rs
+++ b/sshproto/src/cliauth.rs
@@ -20,6 +20,7 @@ use sign::{SignKey, OwnedSig};
use sshnames::*;
use sshwire::{BinString, Blob};
use kex::SessId;
+use auth::AuthType;
// pub for packets::ParseContext
pub enum Req {
@@ -27,12 +28,6 @@ pub enum Req {
PubKey { key: SignKey },
}
-#[derive(Clone, Debug)]
-pub enum AuthType {
- Password,
- PubKey,
-}
-
pub(crate) enum AuthState {
Unstarted,
MethodQuery,
diff --git a/sshproto/src/conn.rs b/sshproto/src/conn.rs
index cf9fa13b6104d81fa3c6607bff075a5ff720234b..c213fd66492822f98eacd3e52f852137b0286d76 100644
--- a/sshproto/src/conn.rs
+++ b/sshproto/src/conn.rs
@@ -95,12 +95,12 @@ enum ConnState {
#[derive(Debug)]
pub enum Event<'a> {
Channel(ChanEvent<'a>),
- Authenticated,
+ CliAuthed,
}
pub(crate) enum EventMaker {
Channel(ChanEventMaker),
- Authenticated,
+ CliAuthed,
}
impl<'a> Conn<'a> {
@@ -319,7 +319,7 @@ impl<'a> Conn<'a> {
if matches!(self.state, ConnState::PreAuth) {
self.state = ConnState::Authed;
cli.auth_success(&mut resp, &mut self.parse_ctx, &mut b.client()?).await?;
- event = Some(EventMaker::Authenticated);
+ event = Some(EventMaker::CliAuthed);
} else {
debug!("Received UserauthSuccess unrequested")
}
@@ -381,7 +381,7 @@ impl<'a> Conn<'a> {
let c = cev.make(p.trap()?);
c.map(|c| Event::Channel(c))
}
- EventMaker::Authenticated => Some(Event::Authenticated),
+ EventMaker::CliAuthed => Some(Event::CliAuthed),
};
Ok(r)
}
diff --git a/sshproto/src/packets.rs b/sshproto/src/packets.rs
index 586704dc052f840bfaa2d5cb0293141797c5d06c..ed4b73c4fa947f66bdcd514286498a55e9d9e6a7 100644
--- a/sshproto/src/packets.rs
+++ b/sshproto/src/packets.rs
@@ -139,8 +139,8 @@ impl<'de: 'a, 'a> SSHDecode<'de> for Userauth60<'a> {
fn dec<S>(s: &mut S) -> WireResult<Self>
where S: SSHSource<'de> {
match s.ctx().cli_auth_type {
- Some(cliauth::AuthType::Password) => Ok(Self::PwChangeReq(SSHDecode::dec(s)?)),
- Some(cliauth::AuthType::PubKey) => Ok(Self::PkOk(SSHDecode::dec(s)?)),
+ Some(auth::AuthType::Password) => Ok(Self::PwChangeReq(SSHDecode::dec(s)?)),
+ Some(auth::AuthType::PubKey) => Ok(Self::PkOk(SSHDecode::dec(s)?)),
_ => {
trace!("Wrong packet state for userauth60");
return Err(WireError::PacketWrong)
@@ -580,7 +580,7 @@ impl core::fmt::Display for Unknown<'_> {
/// Use this so the parser can select the correct enum variant to decode.
#[derive(Default, Clone, Debug)]
pub struct ParseContext {
- pub cli_auth_type: Option<cliauth::AuthType>,
+ pub cli_auth_type: Option<auth::AuthType>,
// Used by sign_encode()
pub method_pubkey_force_sig_bool: bool,
diff --git a/sshproto/src/sshwire.rs b/sshproto/src/sshwire.rs
index 1196d98333c6e5f549aee2f69e6e4c15255fd93b..e24e0cd83687eb3690632817eba1293007581ea5 100644
--- a/sshproto/src/sshwire.rs
+++ b/sshproto/src/sshwire.rs
@@ -606,7 +606,7 @@ pub(crate) mod tests {
}).into();
let mut pw = ResponseString::new();
pw.push_str("123").unwrap();
- ctx.cli_auth_type = Some(cliauth::AuthType::Password);
+ ctx.cli_auth_type = Some(auth::AuthType::Password);
test_roundtrip_context(&p, &ctx);
// PkOk is a more interesting case because the PubKey inside it is also
@@ -618,7 +618,7 @@ pub(crate) mod tests {
})),
}).into();
let s = sign::tests::make_ed25519_signkey();
- ctx.cli_auth_type = Some(cliauth::AuthType::PubKey);
+ ctx.cli_auth_type = Some(auth::AuthType::PubKey);
test_roundtrip_context(&p, &ctx);
}
}
diff --git a/sshproto/src/traffic.rs b/sshproto/src/traffic.rs
index 551e3bcf6b7e897879b3f292cf5bbf2803326527..31269034a7460be5f6a9ea387e719eacb8a07de9 100644
--- a/sshproto/src/traffic.rs
+++ b/sshproto/src/traffic.rs
@@ -21,10 +21,10 @@ pub(crate) struct Traffic<'a> {
/// Should be sized to fit the largest packet allowed for input, or
/// sequence of packets to be sent at once (see [`conn::MAX_RESPONSES`]).
/// Contains ciphertext or cleartext, encrypted/decrypted in-place.
- /// When reading only contains a single SSH packet at a time.
/// Writing may contain multiple SSH packets to write out, encrypted
/// in-place as they are written to `buf`.
tx_buf: &'a mut [u8],
+ /// Only contains a single SSH packet at a time.
rx_buf: &'a mut [u8],
tx_state: TxState,