Update interactive callback.
diff --git a/src/session_p.h b/src/session_p.h
index fdfbd7c..18b8a90 100644
--- a/src/session_p.h
+++ b/src/session_p.h
@@ -174,7 +174,7 @@
void *pubkey_auth_data;
void (*pubkey_auth_data_free)(void *data);
- int (*interactive_auth_clb)(const struct nc_session *session, const char* password,void *user_data);
+ int (*interactive_auth_clb)(const struct nc_session *session, ssh_message msg, void *user_data);
void *interactive_auth_data;
void (*interactive_auth_data_free)(void *data);
#endif
diff --git a/src/session_server.h b/src/session_server.h
index 08ddbba..cebf973 100644
--- a/src/session_server.h
+++ b/src/session_server.h
@@ -521,7 +521,7 @@
* @param[in] user_data Optional arbitrary user data that will be passed to \p passwd_auth_clb.
* @param[in] free_user_data Optional callback that will be called during cleanup to free any \p user_data.
*/
-void ncserver_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct nc_session *session, const char *password,
+void ncserver_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct ssh_message msg, const char *password,
void *user_data),
void *user_data, void (*free_user_data)(void *user_data));
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
index 4bcc99e..5c27780 100644
--- a/src/session_server_ssh.c
+++ b/src/session_server_ssh.c
@@ -142,6 +142,25 @@
server_opts.passwd_auth_data_free = free_user_data;
}
+API void
+nc_server_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct nc_session *session, ssh_message msg, void *user_data),
+ void *user_data, void (*free_user_data)(void *user_data))
+{
+ server_opts.interactive_auth_clb = interactive_auth_clb;
+ server_opts.interactive_auth_data = user_data;
+ server_opts.interactive_auth_data_free = free_user_data;
+}
+
+API void
+nc_server_ssh_set_pubkey_auth_clb(int (*pubkey_auth_clb)(const struct nc_session *session, ssh_key key, void *user_data),
+ void *user_data, void (*free_user_data)(void *user_data))
+{
+ server_opts.pubkey_auth_clb = pubkey_auth_clb;
+ server_opts.pubkey_auth_data = user_data;
+ server_opts.pubkey_auth_data_free = free_user_data;
+}
+
+
API int
nc_server_ssh_ch_client_add_hostkey(const char *client_name, const char *name, int16_t idx)
{
@@ -822,41 +841,37 @@
{
int auth_ret = 1;
char *pass_hash;
- // Print message for interactive SSH
- if (!ssh_message_auth_kbdint_is_response(msg)) {
- const char *prompts[] = {"Password: "};
- char echo[] = {0};
- ssh_message_auth_interactive_request(msg, "Interactive SSH Authentication", "Type your password:", 1, prompts, echo);
+ if (server_opts.interactive_auth_clb) {
+ auth_ret = server_opts.interactive_auth_clb(session, msg, server_opts.interactive_auth_clb);
} else {
- if (ssh_userauth_kbdint_getnanswers(session->ti.libssh.session) != 1) {// failed session
- ssh_message_reply_default(msg);
- return;
- }
- // Check the authentication type
- if (server_opts.interactive_auth_clb)
- {
- auth_ret = server_opts.interactive_auth_clb(session, ssh_message_auth_password(msg), server_opts.interactive_auth_clb);
- }
- else {
+ if (!ssh_message_auth_kbdint_is_response(msg)) {
+ const char *prompts[] = {"Password: "};
+ char echo[] = {0};
+
+ ssh_message_auth_interactive_request(msg, "Interactive SSH Authentication", "Type your password:", 1, prompts, echo);
+ } else {
+ if (ssh_userauth_kbdint_getnanswers(session->ti.libssh.session) != 1) {// failed session
+ ssh_message_reply_default(msg);
+ return;
+ }
pass_hash = auth_password_get_pwd_hash(session->username);// get hashed password
if (pass_hash) {
auth_ret = auth_password_compare_pwd(pass_hash, ssh_userauth_kbdint_getanswer(session->ti.libssh.session, 0));
free(pass_hash);// free hashed password
}
}
- // Authenticate message based on outcome
- if (!auth_ret)
- {
- session->flags |= NC_SESSION_SSH_AUTHENTICATED;
- VRB("User \"%s\" authenticated.", session->username);
- ssh_message_auth_reply_success(msg, 0);
- }
- else {
- ++session->opts.server.ssh_auth_attempts;
- VRB("Failed user \"%s\" authentication attempt (#%d).", session->username, session->opts.server.ssh_auth_attempts);
- ssh_message_reply_default(msg);
- }
+ }
+
+ /* Authenticate message based on outcome */
+ if (!auth_ret) {
+ session->flags |= NC_SESSION_SSH_AUTHENTICATED;
+ VRB("User \"%s\" authenticated.", session->username);
+ ssh_message_auth_reply_success(msg, 0);
+ } else {
+ ++session->opts.server.ssh_auth_attempts;
+ VRB("Failed user \"%s\" authentication attempt (#%d).", session->username, session->opts.server.ssh_auth_attempts);
+ ssh_message_reply_default(msg);
}
}