Hi everyone,
I address this message especially to Niels in the hope that he will be able to
respond. I plan to work a bit on user authentication, more exactly I would
like to add publickey authentication.
The current scheme is a simple userauth class, which gets the whole
SSH_MSG_USERAUTH_REQUEST packet, and must return the result immediately. The
problem with this approach is that some methods need additional packets to
be sent, so the decision cannot be made immediately.
I propose the following changes:
The AUTHENTICATE method would get two additional parameters:
* connection, so the authentication mechanism could send packets to the
client. (in publickey, at least the message SSH_MSG_USERAUTH_PK_OK would
be required)
* command_continuation: where the authentication result should be returned
I would add a new command_continuation class to server_userauth.c, which
would do everything which is done immediately after AUTHENTICATE() now.
AUTHENTICATE would then return to this command_continuation, which would do
its job, and return to the original command_continuation passed to
do_userauth().
What do you think?
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
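
Added example, not part of the original message and not lsh code: a minimal C sketch of the continuation-based flow proposed above, where a publickey key query is answered with SSH_MSG_USERAUTH_PK_OK and no verdict, and the verdict on the signed request travels through a server_userauth-style continuation to the original one. All struct and function names are hypothetical, the signature check is stubbed, and the sketch assumes the post-AUTHENTICATE work is sending the success or failure reply and that only a success is passed on to the original continuation.

```c
#include <string.h>
/* Message numbers from the SSH authentication protocol (RFC 4252). */
#define SSH_MSG_USERAUTH_FAILURE 51
#define SSH_MSG_USERAUTH_SUCCESS 52
#define SSH_MSG_USERAUTH_PK_OK   60

/* Hypothetical stand-ins; none of these are lsh's real types. */
struct connection { int sent[8]; int nsent; };   /* records outgoing message types */
struct continuation { void (*call)(struct continuation *self, int ok); };
struct request { const char *key; int has_signature; int sig_valid; };
static void send_msg(struct connection *c, int t) { if (c->nsent < 8) c->sent[c->nsent++] = t; }

/* publickey AUTHENTICATE: it may answer on the connection and return without
 * a verdict; the verdict, when there is one, goes to the continuation. */
static void publickey_authenticate(const struct request *r,
                                   struct connection *conn, struct continuation *c)
{
  if (strcmp(r->key, "constructed-authorized-key") != 0)
    c->call(c, 0);                               /* unknown key: reject now */
  else if (!r->has_signature)
    send_msg(conn, SSH_MSG_USERAUTH_PK_OK);      /* query only: no verdict yet */
  else
    c->call(c, r->sig_valid);                    /* signature check is stubbed */
}

/* The new continuation in server_userauth.c: does the post-AUTHENTICATE work
 * (assumed here to be sending the reply), then returns to the original one. */
struct userauth_cont { struct continuation super; struct connection *conn;
                       struct continuation *up; };
static void userauth_done(struct continuation *c, int ok)
{
  struct userauth_cont *self = (struct userauth_cont *) c;
  send_msg(self->conn, ok ? SSH_MSG_USERAUTH_SUCCESS : SSH_MSG_USERAUTH_FAILURE);
  if (ok) self->up->call(self->up, 1);           /* assumption: success only */
}
struct login_cont { struct continuation super; int logged_in; };
static void login_done(struct continuation *c, int ok) { ((struct login_cont *) c)->logged_in = ok; }

/* Runs a key query, then a signed request; returns 1 if the original continuation fired. */
int demo_exchange(struct connection *conn, const char *key, int sig_valid)
{
  struct login_cont top = { { login_done }, 0 };
  struct userauth_cont ua = { { userauth_done }, conn, &top.super };
  struct request query = { key, 0, 0 }, signed_req = { key, 1, sig_valid };
  publickey_authenticate(&query, conn, &ua.super);
  publickey_authenticate(&signed_req, conn, &ua.super);
  return top.logged_in;
}
int main(void) { struct connection c = { {0}, 0 }; return !demo_exchange(&c, "constructed-authorized-key", 1); }
```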