session server UPDATE remove pubkey and pw cbs

CESNET · Nov 3, 2023 · f60c87e · f60c87e
1 parent 0b5b51a
commit f60c87e
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 85 deletions.
diff --git a/src/session_p.h b/src/session_p.h
@@ -429,14 +429,6 @@ struct nc_server_opts {
     uint16_t idle_timeout;
 
 #ifdef NC_ENABLED_SSH_TLS
-    int (*passwd_auth_clb)(const struct nc_session *session, const char *password, void *user_data);
-    void *passwd_auth_data;
-    void (*passwd_auth_data_free)(void *data);
-
-    int (*pubkey_auth_clb)(const struct nc_session *session, ssh_key key, void *user_data);
-    void *pubkey_auth_data;
-    void (*pubkey_auth_data_free)(void *data);
-
     int (*interactive_auth_clb)(const struct nc_session *session, ssh_session ssh_sess, ssh_message msg, void *user_data);
     void *interactive_auth_data;
     void (*interactive_auth_data_free)(void *data);

diff --git a/src/session_server.c b/src/session_server.c
@@ -893,18 +893,6 @@ nc_server_destroy(void)
     pthread_mutex_destroy(&server_opts.bind_lock);
 
 #ifdef NC_ENABLED_SSH_TLS
-    if (server_opts.passwd_auth_data && server_opts.passwd_auth_data_free) {
-        server_opts.passwd_auth_data_free(server_opts.passwd_auth_data);
-    }
-    server_opts.passwd_auth_data = NULL;
-    server_opts.passwd_auth_data_free = NULL;
-
-    if (server_opts.pubkey_auth_data && server_opts.pubkey_auth_data_free) {
-        server_opts.pubkey_auth_data_free(server_opts.pubkey_auth_data);
-    }
-    server_opts.pubkey_auth_data = NULL;
-    server_opts.pubkey_auth_data_free = NULL;
-
     if (server_opts.interactive_auth_data && server_opts.interactive_auth_data_free) {
         server_opts.interactive_auth_data_free(server_opts.interactive_auth_data);
     }

diff --git a/src/session_server.h b/src/session_server.h
@@ -454,17 +454,6 @@ NC_MSG_TYPE nc_ps_accept_ssh_channel(struct nc_pollsession *ps, struct nc_sessio
  * @{
  */
 
-/**
- * @brief Set the callback for SSH password authentication. If none is set, local system users are used.
- *
- * @param[in] passwd_auth_clb Callback that should authenticate the user. Username can be directly obtained from @p session.
- * Zero return indicates success, non-zero an error.
- * @param[in] user_data Optional arbitrary user data that will be passed to @p passwd_auth_clb.
- * @param[in] free_user_data Optional callback that will be called during cleanup to free any @p user_data.
- */
-void nc_server_ssh_set_passwd_auth_clb(int (*passwd_auth_clb)(const struct nc_session *session, const char *password,
-        void *user_data), void *user_data, void (*free_user_data)(void *user_data));
-
 /**
  * @brief Set the callback for SSH interactive authentication. If not set, local PAM-based authentication is used.
  *
@@ -476,17 +465,6 @@ void nc_server_ssh_set_passwd_auth_clb(int (*passwd_auth_clb)(const struct nc_se
 void nc_server_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct nc_session *session,
         ssh_session ssh_sess, ssh_message msg, void *user_data), void *user_data, void (*free_user_data)(void *user_data));
 
-/**
- * @brief Set the callback for SSH public key authentication. If none is set, local system users are used.
- *
- * @param[in] pubkey_auth_clb Callback that should authenticate the user.
- * Zero return indicates success, non-zero an error.
- * @param[in] user_data Optional arbitrary user data that will be passed to @p pubkey_auth_clb.
- * @param[in] free_user_data Optional callback that will be called during cleanup to free any @p user_data.
- */
-void nc_server_ssh_set_pubkey_auth_clb(int (*pubkey_auth_clb)(const struct nc_session *session, ssh_key key,
-        void *user_data), void *user_data, void (*free_user_data)(void *user_data));
-
 /** @} Server SSH */
 
 /**

diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
@@ -175,33 +175,6 @@ nc_server_ssh_ts_ref_get_keys(const char *referenced_name, struct nc_public_key
     return 0;
 }
 
-API void
-nc_server_ssh_set_passwd_auth_clb(int (*passwd_auth_clb)(const struct nc_session *session, const char *password, void *user_data),
-        void *user_data, void (*free_user_data)(void *user_data))
-{
-    server_opts.passwd_auth_clb = passwd_auth_clb;
-    server_opts.passwd_auth_data = user_data;
-    server_opts.passwd_auth_data_free = free_user_data;
-}
-
-API void
-nc_server_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct nc_session *session, ssh_session ssh_sess,
-        ssh_message msg, void *user_data), void *user_data, void (*free_user_data)(void *user_data))
-{
-    server_opts.interactive_auth_clb = interactive_auth_clb;
-    server_opts.interactive_auth_data = user_data;
-    server_opts.interactive_auth_data_free = free_user_data;
-}
-
-API void
-nc_server_ssh_set_pubkey_auth_clb(int (*pubkey_auth_clb)(const struct nc_session *session, ssh_key key, void *user_data),
-        void *user_data, void (*free_user_data)(void *user_data))
-{
-    server_opts.pubkey_auth_clb = pubkey_auth_clb;
-    server_opts.pubkey_auth_data = user_data;
-    server_opts.pubkey_auth_data_free = free_user_data;
-}
-
 /**
  * @brief Compare hashed password with a cleartext password for a match.
  *
@@ -246,11 +219,7 @@ nc_sshcb_auth_password(struct nc_session *session, struct nc_auth_client *auth_c
 {
     int auth_ret = 1;
 
-    if (server_opts.passwd_auth_clb) {
-        auth_ret = server_opts.passwd_auth_clb(session, ssh_message_auth_password(msg), server_opts.passwd_auth_data);
-    } else {
-        auth_ret = auth_password_compare_pwd(auth_client->password, ssh_message_auth_password(msg));
-    }
+    auth_ret = auth_password_compare_pwd(auth_client->password, ssh_message_auth_password(msg));
 
     if (auth_ret) {
         ++session->opts.server.ssh_auth_attempts;
@@ -704,17 +673,10 @@ nc_sshcb_auth_pubkey(struct nc_session *session, struct nc_auth_client *auth_cli
 {
     int signature_state, ret = 0;
 
-    if (server_opts.pubkey_auth_clb) {
-        if (server_opts.pubkey_auth_clb(session, ssh_message_auth_pubkey(msg), server_opts.pubkey_auth_data)) {
-            ret = 1;
-            goto fail;
-        }
-    } else {
-        if (auth_pubkey_compare_key(ssh_message_auth_pubkey(msg), auth_client)) {
-            VRB(session, "User \"%s\" tried to use an unknown (unauthorized) public key.", session->username);
-            ret = 1;
-            goto fail;
-        }
+    if (auth_pubkey_compare_key(ssh_message_auth_pubkey(msg), auth_client)) {
+        VRB(session, "User \"%s\" tried to use an unknown (unauthorized) public key.", session->username);
+        ret = 1;
+        goto fail;
     }
 
     signature_state = ssh_message_auth_publickey_state(msg);