From 01feb06a6a1723cfc43ccb36b9692083476e8c90 Mon Sep 17 00:00:00 2001 From: Matt Johnston <matt@ucc.asn.au> Date: Sat, 30 Jul 2022 23:51:42 +0800 Subject: [PATCH] Some renaming of auth etc --- async/examples/con1.rs | 4 ++-- sshproto/src/async_behaviour.rs | 21 +++++++++++++++++++++ sshproto/src/auth.rs | 6 ++++++ sshproto/src/block_behaviour.rs | 6 ++++++ sshproto/src/cliauth.rs | 7 +------ sshproto/src/conn.rs | 8 ++++---- sshproto/src/packets.rs | 6 +++--- sshproto/src/sshwire.rs | 4 ++-- sshproto/src/traffic.rs | 2 +- 9 files changed, 46 insertions(+), 18 deletions(-) diff --git a/async/examples/con1.rs b/async/examples/con1.rs index 264eb1d..c973e24 100644 --- a/async/examples/con1.rs +++ b/async/examples/con1.rs @@ -161,14 +161,14 @@ async fn run(args: &Args) -> Result<()> { let ev = door.progress(|ev| { trace!("progress event {ev:?}"); let e = match ev { - Event::Authenticated => Some(Event::Authenticated), + Event::CliAuthed => Some(Event::CliAuthed), _ => None, }; Ok(e) }).await.context("progress loop")?; match ev { - Some(Event::Authenticated) => { + Some(Event::CliAuthed) => { let mut raw_pty_guard = None; info!("Opening a new session channel"); let (cmd, pty) = if args.cmd.is_empty() { diff --git a/sshproto/src/async_behaviour.rs b/sshproto/src/async_behaviour.rs index 558b98f..a180584 100644 --- a/sshproto/src/async_behaviour.rs +++ b/sshproto/src/async_behaviour.rs 
@@ -101,4 +101,25 @@ pub trait AsyncCliBehaviour: Sync+Send { #[async_trait] pub trait AsyncServBehaviour: Sync+Send { async fn hostkeys(&self) -> BhResult<&[&sign::SignKey]>; + + // TODO: or return a slice of enums + async fn have_auth_password(&self, username: &str) -> bool; + async fn have_auth_pubkey(&self, username: &str) -> bool; + + + #[allow(unused)] + // TODO: change password + async fn auth_password(&self, username: &str, password: &str) -> bool { + false + } + + /// Returns true if the pubkey can be used to log in. + /// TODO: allow returning pubkey restriction options + #[allow(unused)] + async fn auth_pubkey(&self, username: &str, pubkey: &sign::SignKey) -> bool { + false + } + + /// Returns whether a session can be opened + async fn open_session(&self) -> bool; } diff --git a/sshproto/src/auth.rs b/sshproto/src/auth.rs index b48a907..03e2dd9 100644 --- a/sshproto/src/auth.rs +++ b/sshproto/src/auth.rs @@ -31,3 +31,9 @@ pub(crate) struct AuthSigMsg<'a> { pub u: packets::UserauthRequest<'a>, } +#[derive(Clone, Debug)] +pub enum AuthType { + Password, + PubKey, +} + diff --git a/sshproto/src/block_behaviour.rs b/sshproto/src/block_behaviour.rs index b63ab13..945db7f 100644 --- a/sshproto/src/block_behaviour.rs +++ b/sshproto/src/block_behaviour.rs @@ -87,4 +87,10 @@ pub trait BlockCliBehaviour { pub trait BlockServBehaviour { fn hostkeys(&self) -> BhResult<&[&sign::SignKey]>; + + // fn authmethods(&self) -> [AuthMethod]; + + fn auth_password(&self, user: &str, password: &str) -> bool; + + } diff --git a/sshproto/src/cliauth.rs b/sshproto/src/cliauth.rs index 4790088..2a05c39 100644 --- a/sshproto/src/cliauth.rs +++ b/sshproto/src/cliauth.rs @@ -20,6 +20,7 @@ use sign::{SignKey, OwnedSig}; use sshnames::*; use sshwire::{BinString, Blob}; use kex::SessId; +use auth::AuthType; // pub for packets::ParseContext pub enum Req { 
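Review bot: The new `auth_password` and `auth_pubkey` methods on AsyncServBehaviour carry no doc comment saying what a `true` answer commits the connection to, and `auth_password` hands implementors the plaintext password with no guidance; I'd add `/// Returns true if the password is valid for username. Implementations should compare in constant time and answer the same way for an unknown user as for a wrong password.` above it. The `false` defaults fail closed, which is the right choice for a default implementation. `have_auth_password` and `have_auth_pubkey` are keyed by `username`, and the `// TODO: or return a slice of enums` suggests they feed the method list the server advertises; if so, a per-user difference in their answers lets a client probe which usernames exist, so their doc comment should tell implementors to answer uniformly regardless of username. Minor style point: `#[allow(unused)]` sits between the `// TODO: change password` comment and the fn, so the TODO reads as part of the attribute; move it above.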
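Review bot: The relocated `AuthType` enum at the end of the auth.rs hunk is now `pub` in `auth` but still derives only `Clone, Debug`; as a fieldless two-variant enum it can derive `Copy, PartialEq, Eq` for free, `#[derive(Clone, Copy, Debug, PartialEq, Eq)]`, which lets callers compare `ParseContext::cli_auth_type` without a `match`. It also has no doc comment; from the packets.rs hunk it is what selects which `Userauth60` variant (`PwChangeReq` vs `PkOk`) gets decoded, so `/// The userauth method the client last requested; read via ParseContext::cli_auth_type to decode the ambiguous userauth packet 60.` would do.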
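Review bot: The new `auth_password` in BlockServBehaviour is a required method with parameter `user`, while the async counterpart added in this same commit (async_behaviour.rs) names it `username` and supplies a `false` default; the two traits should agree, `fn auth_password(&self, username: &str, password: &str) -> bool { false }`, with the same doc comment. The commented-out `// fn authmethods(&self) -> [AuthMethod];` is dead code, and `[AuthMethod]` is unsized so it would not compile as a return type anyway; either drop it or replace it with a one-line `// TODO:` describing the intended method-list API, presumably mirroring `have_auth_password`/`have_auth_pubkey` on the async side. The two added blank lines before the closing `}` would also be removed by rustfmt.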
@@ -27,12 +28,6 @@ pub enum Req { PubKey { key: SignKey }, } -#[derive(Clone, Debug)] -pub enum AuthType { - Password, - PubKey, -} - pub(crate) enum AuthState { Unstarted, MethodQuery, diff --git a/sshproto/src/conn.rs b/sshproto/src/conn.rs index cf9fa13..c213fd6 100644 --- a/sshproto/src/conn.rs +++ b/sshproto/src/conn.rs @@ -95,12 +95,12 @@ enum ConnState { #[derive(Debug)] pub enum Event<'a> { Channel(ChanEvent<'a>), - Authenticated, + CliAuthed, } pub(crate) enum EventMaker { Channel(ChanEventMaker), - Authenticated, + CliAuthed, } impl<'a> Conn<'a> { @@ -319,7 +319,7 @@ impl<'a> Conn<'a> { if matches!(self.state, ConnState::PreAuth) { self.state = ConnState::Authed; cli.auth_success(&mut resp, &mut self.parse_ctx, &mut b.client()?).await?; - event = Some(EventMaker::Authenticated); + event = Some(EventMaker::CliAuthed); } else { debug!("Received UserauthSuccess unrequested") } @@ -381,7 +381,7 @@ impl<'a> Conn<'a> { let c = cev.make(p.trap()?); c.map(|c| Event::Channel(c)) } - EventMaker::Authenticated => Some(Event::Authenticated), + EventMaker::CliAuthed => Some(Event::CliAuthed), }; Ok(r) } diff --git a/sshproto/src/packets.rs b/sshproto/src/packets.rs index 586704d..ed4b73c 100644 --- a/sshproto/src/packets.rs +++ b/sshproto/src/packets.rs @@ -139,8 +139,8 @@ impl<'de: 'a, 'a> SSHDecode<'de> for Userauth60<'a> { fn dec<S>(s: &mut S) -> WireResult<Self> where S: SSHSource<'de> { match s.ctx().cli_auth_type { - Some(cliauth::AuthType::Password) => Ok(Self::PwChangeReq(SSHDecode::dec(s)?)), - Some(cliauth::AuthType::PubKey) => Ok(Self::PkOk(SSHDecode::dec(s)?)), + Some(auth::AuthType::Password) => Ok(Self::PwChangeReq(SSHDecode::dec(s)?)), + Some(auth::AuthType::PubKey) => Ok(Self::PkOk(SSHDecode::dec(s)?)), _ => { trace!("Wrong packet state for userauth60"); return Err(WireError::PacketWrong) 
@@ -580,7 +580,7 @@ impl core::fmt::Display for Unknown<'_> { /// Use this so the parser can select the correct enum variant to decode. #[derive(Default, Clone, Debug)] pub struct ParseContext { - pub cli_auth_type: Option<cliauth::AuthType>, + pub cli_auth_type: Option<auth::AuthType>, // Used by sign_encode() pub method_pubkey_force_sig_bool: bool, diff --git a/sshproto/src/sshwire.rs b/sshproto/src/sshwire.rs index 1196d98..e24e0cd 100644 --- a/sshproto/src/sshwire.rs +++ b/sshproto/src/sshwire.rs @@ -606,7 +606,7 @@ pub(crate) mod tests { }).into(); let mut pw = ResponseString::new(); pw.push_str("123").unwrap(); - ctx.cli_auth_type = Some(cliauth::AuthType::Password); + ctx.cli_auth_type = Some(auth::AuthType::Password); test_roundtrip_context(&p, &ctx); // PkOk is a more interesting case because the PubKey inside it is also @@ -618,7 +618,7 @@ pub(crate) mod tests { })), }).into(); let s = sign::tests::make_ed25519_signkey(); - ctx.cli_auth_type = Some(cliauth::AuthType::PubKey); + ctx.cli_auth_type = Some(auth::AuthType::PubKey); test_roundtrip_context(&p, &ctx); } } diff --git a/sshproto/src/traffic.rs b/sshproto/src/traffic.rs index 551e3bc..3126903 100644 --- a/sshproto/src/traffic.rs +++ b/sshproto/src/traffic.rs @@ -21,10 +21,10 @@ pub(crate) struct Traffic<'a> { /// Should be sized to fit the largest packet allowed for input, or /// sequence of packets to be sent at once (see [`conn::MAX_RESPONSES`]). /// Contains ciphertext or cleartext, encrypted/decrypted in-place. - /// When reading only contains a single SSH packet at a time. /// Writing may contain multiple SSH packets to write out, encrypted /// in-place as they are written to `buf`. tx_buf: &'a mut [u8], + /// Only contains a single SSH packet at a time. rx_buf: &'a mut [u8], tx_state: TxState, -- GitLab