commit 5858e6d8bfe0b5114279acdf4f03437cf4c72509
author roman <xjanot04@fit.vutbr.cz> Thu May 23 09:18:22 2024 +0200
committer Michal Vasko <mvasko@cesnet.cz> Thu May 23 15:07:33 2024 +0200
tree ef5fdf6473a9c62a6f38f4c7841355ec2c98d527
parent 4a1dcdfd43fe5b0686c25a3b868b2281281c27b9

session server ssh REFACTOR change local to system

src/session_server_ssh.c

diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
index 20b34b4..503b49e 100644
--- a/src/session_server_ssh.c
+++ b/src/session_server_ssh.c
@@ -569,7 +569,7 @@
 
     pwd = nc_server_ssh_getpwnam(username, &pwd_buf, &buf, &buf_size);
     if (!pwd) {
-        VRB(NULL, "User \"%s\" not found locally.", username);
+        VRB(NULL, "User \"%s\" not found in the system.", username);
         goto error;
     }
 
@@ -906,7 +906,7 @@
 #elif defined (HAVE_SHADOW)
 
 /**
- * @brief Authenticate using locally stored credentials.
+ * @brief Authenticate using credentials stored in the system.
  *
  * @param[in] session Session to authenticate on.
  * @param[in] username Username of the client to authenticate.
@@ -920,13 +920,12 @@
     int ret = 0, n_answers;
     const char *name = "Keyboard-Interactive Authentication";
     const char *instruction = "Please enter your authentication token";
-    char *prompt = NULL, *local_pw = NULL, *received_pw = NULL;
+    char *prompt = NULL, *pw = NULL, *received_pw = NULL;
     char echo[] = {0};
 
-    /* try to get the client's locally stored pw hash */
-    local_pw = nc_server_ssh_get_pwd_hash(username);
-    if (!local_pw) {
-        ERR(session, "Unable to get %s's credentials.", username);
+    /* try to get the client's pw hash from the system */
+    pw = nc_server_ssh_get_pwd_hash(username);
+    if (!pw) {
         ret = 1;
         goto cleanup;
     }
@@ -957,10 +956,10 @@
     NC_CHECK_ERRMEM_GOTO(!received_pw, ret = 1, cleanup);
 
     /* cmp the passwords */
-    ret = nc_server_ssh_compare_password(local_pw, received_pw);
+    ret = nc_server_ssh_compare_password(pw, received_pw);
 
 cleanup:
-    free(local_pw);
+    free(pw);
     free(received_pw);
     free(prompt);
     return ret;
@@ -1178,7 +1177,7 @@
         return 0;
     }
 
-    /* reply and return -1 so that this does not get counted as an usuccessful authentication attempt */
+    /* reply and return -1 so that this does not get counted as an unsuccessful authentication attempt */
     ssh_message_reply_default(msg);
     return -1;
 }
@@ -1312,7 +1311,7 @@
         /* authenticate using PAM */
         rc = nc_server_ssh_auth_kbdint_pam(session, session->username, msg);
 #elif defined (HAVE_SHADOW)
-        /* authenticate using locally configured users */
+        /* authenticate using the system */
         rc = nc_server_ssh_auth_kbdint_system(session, session->username, msg);
 #else
         ERR(NULL, "Keyboard-interactive method not supported.");
@@ -1716,8 +1715,10 @@
         /* check if local-users-supported feature is enabled */
         rc = lys_feature_value(mod, "local-users-supported");
         if (!rc) {
+            /* using users from the YANG data */
             local_users_supported = 1;
         } else if (rc == LY_ENOT) {
+            /* using users from the system */
             local_users_supported = 0;
         } else {
             ERRINT;