From efbae4afb84ef03364a1de349d98413211946ad4 Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Tue, 9 May 2017 18:38:35 +0200
Subject: ssh: Option 'auth_methods' available not only in server but also in client
---
 lib/ssh/src/ssh_connection_handler.erl | 6 +-----
 lib/ssh/src/ssh_options.erl | 12 ++++++------
 2 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 342583306b..39bd54869f 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -434,11 +434,7 @@ init_ssh_record(Role, Socket, Opts) ->
 init_ssh_record(Role, _Socket, PeerAddr, Opts) ->
 KeyCb = ?GET_OPT(key_cb, Opts),
- AuthMethods =
- case Role of
- server -> ?GET_OPT(auth_methods, Opts);
- client -> undefined
- end,
+ AuthMethods = ?GET_OPT(auth_methods, Opts),
 S0 = #ssh{role = Role,
 key_cb = KeyCb,
 opts = Opts,
diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl
index 0886d5b34d..6bd6ab74c3 100644
--- a/lib/ssh/src/ssh_options.erl
+++ b/lib/ssh/src/ssh_options.erl
@@ -293,12 +293,6 @@ default(server) ->
 class => user_options
 },
- {auth_methods, def} =>
- #{default => ?SUPPORTED_AUTH_METHODS,
- chk => fun check_string/1,
- class => user_options
- },
-
 {auth_method_kb_interactive_data, def} =>
 #{default => undefined, % Default value can be constructed when User is known
 chk => fun({S1,S2,S3,B}) ->
@@ -583,6 +577,12 @@ default(common) ->
 },
 %%%%% Undocumented
+ {auth_methods, def} =>
+ #{default => ?SUPPORTED_AUTH_METHODS,
+ chk => fun check_string/1,
+ class => user_options
+ },
+
 {transport, def} =>
 #{default => ?DEFAULT_TRANSPORT,
 chk => fun({A,B,C}) ->
-- 
cgit v1.2.3
From 6e9f9cbfc1f69735788651369bf6e288e23fbced Mon Sep 17 00:00:00 2001
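Review bot: In init_ssh_record/4 the client role no longer gets `undefined` for AuthMethods but whatever `?GET_OPT(auth_methods, Opts)` returns, and the diffstat shows no test file, so nothing pins the new client behaviour. The record field that receives AuthMethods lies outside the hunk; if any client-side clause still treats `undefined` there as "no restriction", it will now see the default `?SUPPORTED_AUTH_METHODS` string instead, which is worth checking. A client test that connects with a restricted list (for example only `"publickey"`) and asserts that no password attempt is made would cover the case users are most likely to rely on. A one-line comment above the assignment, such as `%% server: methods offered; client: methods tried, in this order`, would record the per-role meaning.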
From: Hans Nilsson
Date: Wed, 10 May 2017 12:39:02 +0200
Subject: ssh: Doc option 'auth_methods' for client
---
 lib/ssh/doc/src/ssh.xml | 13 +++++++++++++
 lib/ssh/src/ssh_options.erl | 2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 84b7cdd7a1..c659e093b9 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -293,6 +293,15 @@ connection. For gen_tcp the time is in milli-seconds and the default value is infinity.

+ + + +

Comma-separated string that determines which + authentication methods that the client shall support and + in which order they are tried. Defaults to +

+
+

Provides a username. If this option is not given, ssh @@ -300,6 +309,7 @@ on UNIX, on Windows).

+

Provides a password for password authentication. @@ -307,6 +317,7 @@ password, if the password authentication method is attempted.

+

Module implementing the behaviour +

If true, the client does not print anything on authorization.

@@ -466,6 +478,7 @@ authentication methods that the server is to support and in what order they are tried. Defaults to

+

Note that the client is free to use any order and to exclude methods.

diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl
index 6bd6ab74c3..f98422c324 100644
--- a/lib/ssh/src/ssh_options.erl
+++ b/lib/ssh/src/ssh_options.erl
@@ -576,13 +576,13 @@ default(common) ->
 class => user_options
 },
-%%%%% Undocumented
 {auth_methods, def} =>
 #{default => ?SUPPORTED_AUTH_METHODS,
 chk => fun check_string/1,
 class => user_options
 },
+%%%%% Undocumented
 {transport, def} =>
 #{default => ?DEFAULT_TRANSPORT,
 chk => fun({A,B,C}) ->
-- 
cgit v1.2.3
From 242dddbc918c87571013e7e0acd29b4abbe12911 Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Wed, 10 May 2017 11:42:09 +0200
Subject: ssh: Better error checking for option 'auth_methods'
---
 lib/ssh/src/ssh_options.erl | 11 ++++++++++-
 lib/ssh/test/ssh_basic_SUITE.erl | 7 ++-----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl
index f98422c324..78f68dbcb1 100644
--- a/lib/ssh/src/ssh_options.erl
+++ b/lib/ssh/src/ssh_options.erl
@@ -578,7 +578,16 @@ default(common) ->
 {auth_methods, def} =>
 #{default => ?SUPPORTED_AUTH_METHODS,
- chk => fun check_string/1,
+ chk => fun(As) ->
+ try
+ Sup = string:tokens(?SUPPORTED_AUTH_METHODS, ","),
+ New = string:tokens(As, ","),
+ [] == [X || X <- New,
+ not lists:member(X,Sup)]
+ catch
+ _:_ -> false
+ end
+ end,
 class => user_options
 },
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl
index b80c3ed5e2..1e591bc295 100644
--- a/lib/ssh/test/ssh_basic_SUITE.erl
+++ b/lib/ssh/test/ssh_basic_SUITE.erl
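Review bot: The new `chk` fun for `auth_methods` accepts a value that names no method at all: `string:tokens("", ",")` and `string:tokens(",,", ",")` both return `[]`, the comprehension is then empty and `[] == []` is true. That lets `{auth_methods, ""}` through option checking for both roles, leaving a daemon or client configured with nothing to authenticate with, which presumably only shows up later as failed logins. Requiring a non-empty result inside the `try`, `New = [_|_] = string:tokens(As, ","),`, makes that case raise a badmatch and fall into the existing `catch`, so the check returns false. The rest of default(common) lies outside the hunk.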
@@ -1173,13 +1173,10 @@ login_bad_pwd_no_retry3(Config) ->
 login_bad_pwd_no_retry(Config, "password,publickey,keyboard-interactive").
 login_bad_pwd_no_retry4(Config) ->
- login_bad_pwd_no_retry(Config, "password,other,keyboard-interactive").
+ login_bad_pwd_no_retry(Config, "password,keyboard-interactive").
 login_bad_pwd_no_retry5(Config) ->
- login_bad_pwd_no_retry(Config, "password,other,keyboard-interactive,password,password").
-
-
-
+ login_bad_pwd_no_retry(Config, "password,keyboard-interactive,password,password").
 login_bad_pwd_no_retry(Config, AuthMethods) ->
-- 
cgit v1.2.3
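Review bot: No test asserts that an unsupported method name is now rejected; login_bad_pwd_no_retry4 and login_bad_pwd_no_retry5 only drop "other" from their strings so that they keep passing. A negative case that starts a daemon, and a client, with an `auth_methods` string containing an unknown name and expects the option error rather than a running daemon would keep the stricter validation from regressing. It is also worth checking that login_bad_pwd_no_retry4, now called with `"password,keyboard-interactive"`, does not duplicate one of the earlier numbered cases, which lie outside the hunk.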