diff options
| author | Hans Nilsson <[email protected]> | 2015-06-08 21:18:43 +0200 |
|---|---|---|
| committer | Hans Nilsson <[email protected]> | 2015-06-09 14:55:18 +0200 |
| commit | 1e3637220afb2269a829ea0a15b98b05f38344a8 (patch) | |
| tree | 9b8da8ef03d21003a487d5e0e1b2f4bbda68f63e /lib/ssh/src/ssh_connection_handler.erl | |
| parent | 07995bee41aeaace06e5a3e11912122e710552f5 (diff) | |
| download | otp-1e3637220afb2269a829ea0a15b98b05f38344a8.tar.gz otp-1e3637220afb2269a829ea0a15b98b05f38344a8.tar.bz2 otp-1e3637220afb2269a829ea0a15b98b05f38344a8.zip | |
ssh: make server check auth_methods when rec request
Diffstat (limited to 'lib/ssh/src/ssh_connection_handler.erl')
| -rw-r--r-- | lib/ssh/src/ssh_connection_handler.erl | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index ab1fc93a1b..9bd49c5c05 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -483,17 +483,22 @@ userauth(#ssh_msg_userauth_request{service = "ssh-connection", service = "ssh-connection", peer = {_, Address}} = Ssh0, opts = Opts, starter = Pid} = State) -> - case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of - {authorized, User, {Reply, Ssh}} -> - send_msg(Reply, State), - Pid ! ssh_connected, - connected_fun(User, Address, Method, Opts), - {next_state, connected, - next_packet(State#state{auth_user = User, ssh_params = Ssh})}; - {not_authorized, {User, Reason}, {Reply, Ssh}} -> - retry_fun(User, Address, Reason, Opts), - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + case lists:member(Method, Ssh0#ssh.userauth_methods) of + true -> + case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of + {authorized, User, {Reply, Ssh}} -> + send_msg(Reply, State), + Pid ! ssh_connected, + connected_fun(User, Address, Method, Opts), + {next_state, connected, + next_packet(State#state{auth_user = User, ssh_params = Ssh})}; + {not_authorized, {User, Reason}, {Reply, Ssh}} -> + retry_fun(User, Address, Reason, Opts), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + end; + false -> + userauth(Msg#ssh_msg_userauth_request{method="none"}, State) end; userauth(#ssh_msg_userauth_info_request{} = Msg, @@ -1148,9 +1153,9 @@ init_ssh(client = Role, Vsn, Version, Options, Socket) -> }; init_ssh(server = Role, Vsn, Version, Options, Socket) -> - AuthMethods = proplists:get_value(auth_methods, Options, ?SUPPORTED_AUTH_METHODS), + AuthMethodsAsList = string:tokens(AuthMethods, ","), {ok, PeerAddr} = inet:peername(Socket), KeyCb = proplists:get_value(key_cb, Options, ssh_file), @@ -1159,8 +1164,12 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) -> s_version = Version, key_cb = KeyCb, io_cb = proplists:get_value(io_cb, Options, ssh_io), - opts = Options, + opts = case lists:member("keyboard-interactive",AuthMethodsAsList) of + true -> [{max_kb_tries,3}|Options]; + false -> Options + end, userauth_supported_methods = AuthMethods, + userauth_methods = AuthMethodsAsList, peer = {undefined, PeerAddr}, available_host_keys = supported_host_keys(Role, KeyCb, Options) }. |