diff --git a/src/server_config.c b/src/server_config.c
index f6165846..f15792a1 100644
--- a/src/server_config.c
+++ b/src/server_config.c
@@ -659,14 +659,14 @@ nc_server_config_del_local_address(struct nc_bind *bind)
 }
 static void
-nc_server_config_del_auth_client_pam_name(struct nc_client_auth *auth_client)
+nc_server_config_del_auth_client_pam_name(struct nc_auth_client *auth_client)
 {
 free(auth_client->pam_config_name);
 auth_client->pam_config_name = NULL;
 }
 static void
-nc_server_config_del_auth_client_pam_dir(struct nc_client_auth *auth_client)
+nc_server_config_del_auth_client_pam_dir(struct nc_auth_client *auth_client)
 {
 free(auth_client->pam_config_dir);
 auth_client->pam_config_dir = NULL;
@@ -715,7 +715,7 @@ nc_server_config_del_auth_client_pubkey_pub_base64(struct nc_public_key *pubkey)
 }
 static void
-nc_server_config_del_auth_client_password(struct nc_client_auth *auth_client)
+nc_server_config_del_auth_client_password(struct nc_auth_client *auth_client)
 {
 free(auth_client->password);
 auth_client->password = NULL;
@@ -779,7 +779,7 @@ nc_server_config_del_hostkey(struct nc_server_ssh_opts *opts, struct nc_hostkey
 }
 static void
-nc_server_config_del_auth_client_pubkey(struct nc_client_auth *auth_client, struct nc_public_key *pubkey)
+nc_server_config_del_auth_client_pubkey(struct nc_auth_client *auth_client, struct nc_public_key *pubkey)
 {
 nc_server_config_del_auth_client_pubkey_name(pubkey);
 nc_server_config_del_auth_client_pubkey_pub_base64(pubkey);
@@ -794,7 +794,7 @@ nc_server_config_del_auth_client_pubkey(struct nc_client_auth *auth_client, stru
 }
 static void
-nc_server_config_del_auth_client(struct nc_server_ssh_opts *opts, struct nc_client_auth *auth_client)
+nc_server_config_del_auth_client(struct nc_server_ssh_opts *opts, struct nc_auth_client *auth_client)
 {
 uint16_t i, pubkey_count;
@@ -2074,7 +2074,7 @@ nc_server_config_public_key_format(const struct lyd_node *node, NC_OPERATION op)
 }
 static int
-nc_server_config_create_auth_key_public_key_list(const struct lyd_node *node, struct nc_client_auth *auth_client)
+nc_server_config_create_auth_key_public_key_list(const struct lyd_node *node, struct nc_auth_client *auth_client)
 {
 assert(!strcmp(LYD_NAME(node), "public-key"));
@@ -2131,7 +2131,7 @@ nc_server_config_public_key(const struct lyd_node *node, NC_OPERATION op)
 {
 int ret = 0;
 struct nc_hostkey *hostkey;
- struct nc_client_auth *auth_client;
+ struct nc_auth_client *auth_client;
 struct nc_public_key *pubkey;
 struct nc_server_tls_opts *opts;
 struct nc_ch_client *ch_client;
@@ -2140,6 +2140,7 @@ nc_server_config_public_key(const struct lyd_node *node, NC_OPERATION op)
 /* LOCK */
 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
+ /* to avoid unlock on fail */
 return 1;
 }
@@ -2443,7 +2444,7 @@ static int
 nc_server_config_user(const struct lyd_node *node, NC_OPERATION op)
 {
 int ret = 0;
- struct nc_client_auth *auth_client;
+ struct nc_auth_client *auth_client;
 struct nc_server_ssh_opts *opts;
 struct nc_ch_client *ch_client;
@@ -2451,6 +2452,7 @@ nc_server_config_user(const struct lyd_node *node, NC_OPERATION op)
 /* LOCK */
 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
+ /* to avoid unlock on fail */
 return 1;
 }
@@ -2544,7 +2546,7 @@ nc_server_config_auth_timeout(const struct lyd_node *node, NC_OPERATION op)
 }
 static int
-nc_server_config_ssh_replace_truststore_reference(const struct lyd_node *node, struct nc_client_auth *client_auth)
+nc_server_config_ssh_replace_truststore_reference(const struct lyd_node *node, struct nc_auth_client *client_auth)
 {
 uint16_t i;
 struct nc_truststore *ts = &server_opts.truststore;
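Review bot: The comment `/* to avoid unlock on fail */` added before `return 1;` in the `/* LOCK */` guard of nc_server_config_public_key (hunk at -2140) does not say which unlock is skipped or why, so a later edit could replace the early return with a jump to the shared exit path without noticing the hazard. Presumably nc_server_config_get_ch_client_with_lock() returns non-zero without holding the call-home client lock, and the function's exit path (outside the hunk) releases it; if that is the case, state it, e.g. `/* lock was not acquired, return directly so the cleanup path does not unlock it */`. The same comment is added in nc_server_config_user, nc_server_config_truststore_reference, nc_server_config_password, nc_server_config_pam_name, nc_server_config_pam_dir and nc_server_config_none, and the same wording applies there. Each of these function bodies continues outside its hunk.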
@@ -2603,13 +2605,14 @@ nc_server_config_truststore_reference(const struct lyd_node *node, NC_OPERATION
 {
 int ret = 0;
 struct nc_endpt *endpt;
- struct nc_client_auth *auth_client;
+ struct nc_auth_client *auth_client;
 struct nc_ch_client *ch_client;
 assert(!strcmp(LYD_NAME(node), "truststore-reference"));
 /* LOCK */
 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
+ /* to avoid unlock on fail */
 return 1;
 }
@@ -2675,7 +2678,7 @@ nc_server_config_truststore_reference(const struct lyd_node *node, NC_OPERATION
 }
 static int
-nc_server_config_replace_password(const struct lyd_node *node, struct nc_client_auth *auth_client)
+nc_server_config_replace_password(const struct lyd_node *node, struct nc_auth_client *auth_client)
 {
 nc_server_config_del_auth_client_password(auth_client);
@@ -2693,13 +2696,14 @@ static int
 nc_server_config_password(const struct lyd_node *node, NC_OPERATION op)
 {
 int ret = 0;
- struct nc_client_auth *auth_client;
+ struct nc_auth_client *auth_client;
 struct nc_ch_client *ch_client;
 assert(!strcmp(LYD_NAME(node), "password"));
 /* LOCK */
 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
+ /* to avoid unlock on fail */
 return 1;
 }
@@ -2729,13 +2733,14 @@ static int
 nc_server_config_pam_name(const struct lyd_node *node, NC_OPERATION op)
 {
 int ret = 0;
- struct nc_client_auth *auth_client;
+ struct nc_auth_client *auth_client;
 struct nc_ch_client *ch_client;
 assert(!strcmp(LYD_NAME(node), "pam-config-file-name"));
 /* LOCK */
 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
+ /* to avoid unlock on fail */
 return 1;
 }
@@ -2769,13 +2774,14 @@ static int
 nc_server_config_pam_dir(const struct lyd_node *node, NC_OPERATION op)
 {
 int ret = 0;
- struct nc_client_auth *auth_client;
+ struct nc_auth_client *auth_client;
 struct nc_ch_client *ch_client;
 assert(!strcmp(LYD_NAME(node), "pam-config-file-dir"));
 /* LOCK */
 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
+ /* to avoid unlock on fail */
 return 1;
 }
@@ -2809,13 +2815,14 @@ static int
 nc_server_config_none(const struct lyd_node *node, NC_OPERATION op)
 {
 int ret = 0;
- struct nc_client_auth *auth_client;
+ struct nc_auth_client *auth_client;
 struct nc_ch_client *ch_client;
 assert(!strcmp(LYD_NAME(node), "none"));
 /* LOCK */
 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
+ /* to avoid unlock on fail */
 return 1;
 }
diff --git a/src/session_p.h b/src/session_p.h
index 34c98011..4a27a09b 100644
--- a/src/session_p.h
+++ b/src/session_p.h
@@ -160,10 +160,10 @@ struct nc_auth_state {
 /**
 * @brief A server's authorized client.
 */
-struct nc_client_auth {
+struct nc_auth_client {
 char *username; /**< Arbitrary username. */
- NC_STORE_TYPE store; /**< Specifies how/where the client's public key is stored. */
+ NC_STORE_TYPE store; /**< Specifies how/where the client's public key is stored. */
 union {
 struct {
 struct nc_public_key *pubkeys; /**< The client's public keys. */
@@ -198,7 +198,7 @@ struct nc_server_ssh_opts {
 struct nc_hostkey *hostkeys; /**< Server's hostkeys. */
 uint16_t hostkey_count; /**< Number of server's hostkeys. */
- struct nc_client_auth *auth_clients; /**< Server's authorized clients. */
+ struct nc_auth_client *auth_clients; /**< Server's authorized clients. */
 uint16_t client_count; /**< Number of server's authorized clients. */
 struct nc_endpt *endpt_client_ref; /**< Reference to another endpoint (used for client authentication). */
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
index 6bd1bfaf..e6aed4eb 100644
--- a/src/session_server_ssh.c
+++ b/src/session_server_ssh.c
@@ -222,7 +222,7 @@ auth_password_compare_pwd(const char *pass_hash, const char *pass_clear)
 }
 static int
-nc_sshcb_auth_password(struct nc_session *session, struct nc_client_auth *auth_client, ssh_message msg)
+nc_sshcb_auth_password(struct nc_session *session, struct nc_auth_client *auth_client, ssh_message msg)
 {
 int auth_ret = 1;
@@ -855,7 +855,7 @@ nc_server_ssh_create_ssh_pubkey(const char *base64, ssh_key *key)
 * @return Authorized key username, NULL if no match was found.
 */
 static int
-auth_pubkey_compare_key(ssh_key key, struct nc_client_auth *auth_client)
+auth_pubkey_compare_key(ssh_key key, struct nc_auth_client *auth_client)
 {
 uint16_t i, pubkey_count;
 int ret = 0;
@@ -902,7 +902,7 @@ auth_pubkey_compare_key(ssh_key key, struct nc_client_auth *auth_client)
 }
 static void
-nc_sshcb_auth_none(struct nc_session *session, struct nc_client_auth *auth_client, ssh_message msg)
+nc_sshcb_auth_none(struct nc_session *session, struct nc_auth_client *auth_client, ssh_message msg)
 {
 if (auth_client->supports_none && !auth_client->password && !auth_client->pubkey_count && !auth_client->pam_config_name) {
 /* only authenticate the client if he supports none and no other method */
@@ -915,7 +915,7 @@ nc_sshcb_auth_none(struct nc_session *session, struct nc_client_auth *auth_clien
 }
 static int
-nc_sshcb_auth_pubkey(struct nc_session *session, struct nc_client_auth *auth_client, ssh_message msg)
+nc_sshcb_auth_pubkey(struct nc_session *session, struct nc_auth_client *auth_client, ssh_message msg)
 {
 int signature_state, ret = 0;
@@ -1040,7 +1040,7 @@ nc_session_ssh_msg(struct nc_session *session, struct nc_server_ssh_opts *opts,
 const char *str_type, *str_subtype = NULL, *username;
 int subtype, type, libssh_auth_methods = 0, ret = 0;
 uint16_t i;
- struct nc_client_auth *auth_client = NULL;
+ struct nc_auth_client *auth_client = NULL;
 type = ssh_message_type(msg);
 subtype = ssh_message_subtype(msg);