session server UPDATE remove pubkey and pw cbs
diff --git a/src/session_p.h b/src/session_p.h
index cebf3a7..d96acc3 100644
--- a/src/session_p.h
+++ b/src/session_p.h
@@ -429,14 +429,6 @@
uint16_t idle_timeout;
#ifdef NC_ENABLED_SSH_TLS
- int (*passwd_auth_clb)(const struct nc_session *session, const char *password, void *user_data);
- void *passwd_auth_data;
- void (*passwd_auth_data_free)(void *data);
-
- int (*pubkey_auth_clb)(const struct nc_session *session, ssh_key key, void *user_data);
- void *pubkey_auth_data;
- void (*pubkey_auth_data_free)(void *data);
-
int (*interactive_auth_clb)(const struct nc_session *session, ssh_session ssh_sess, ssh_message msg, void *user_data);
void *interactive_auth_data;
void (*interactive_auth_data_free)(void *data);
diff --git a/src/session_server.c b/src/session_server.c
index 564cb63..1ded506 100644
--- a/src/session_server.c
+++ b/src/session_server.c
@@ -893,18 +893,6 @@
pthread_mutex_destroy(&server_opts.bind_lock);
#ifdef NC_ENABLED_SSH_TLS
- if (server_opts.passwd_auth_data && server_opts.passwd_auth_data_free) {
- server_opts.passwd_auth_data_free(server_opts.passwd_auth_data);
- }
- server_opts.passwd_auth_data = NULL;
- server_opts.passwd_auth_data_free = NULL;
-
- if (server_opts.pubkey_auth_data && server_opts.pubkey_auth_data_free) {
- server_opts.pubkey_auth_data_free(server_opts.pubkey_auth_data);
- }
- server_opts.pubkey_auth_data = NULL;
- server_opts.pubkey_auth_data_free = NULL;
-
if (server_opts.interactive_auth_data && server_opts.interactive_auth_data_free) {
server_opts.interactive_auth_data_free(server_opts.interactive_auth_data);
}
diff --git a/src/session_server.h b/src/session_server.h
index d9486f0..a011530 100644
--- a/src/session_server.h
+++ b/src/session_server.h
@@ -455,17 +455,6 @@
*/
/**
- * @brief Set the callback for SSH password authentication. If none is set, local system users are used.
- *
- * @param[in] passwd_auth_clb Callback that should authenticate the user. Username can be directly obtained from @p session.
- * Zero return indicates success, non-zero an error.
- * @param[in] user_data Optional arbitrary user data that will be passed to @p passwd_auth_clb.
- * @param[in] free_user_data Optional callback that will be called during cleanup to free any @p user_data.
- */
-void nc_server_ssh_set_passwd_auth_clb(int (*passwd_auth_clb)(const struct nc_session *session, const char *password,
- void *user_data), void *user_data, void (*free_user_data)(void *user_data));
-
-/**
* @brief Set the callback for SSH interactive authentication. If not set, local PAM-based authentication is used.
*
* @param[in] interactive_auth_clb Callback that should authenticate the user.
@@ -476,17 +465,6 @@
void nc_server_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct nc_session *session,
ssh_session ssh_sess, ssh_message msg, void *user_data), void *user_data, void (*free_user_data)(void *user_data));
-/**
- * @brief Set the callback for SSH public key authentication. If none is set, local system users are used.
- *
- * @param[in] pubkey_auth_clb Callback that should authenticate the user.
- * Zero return indicates success, non-zero an error.
- * @param[in] user_data Optional arbitrary user data that will be passed to @p pubkey_auth_clb.
- * @param[in] free_user_data Optional callback that will be called during cleanup to free any @p user_data.
- */
-void nc_server_ssh_set_pubkey_auth_clb(int (*pubkey_auth_clb)(const struct nc_session *session, ssh_key key,
- void *user_data), void *user_data, void (*free_user_data)(void *user_data));
-
/** @} Server SSH */
/**
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
index f46d968..f8b2f10 100644
--- a/src/session_server_ssh.c
+++ b/src/session_server_ssh.c
@@ -175,33 +175,6 @@
return 0;
}
-API void
-nc_server_ssh_set_passwd_auth_clb(int (*passwd_auth_clb)(const struct nc_session *session, const char *password, void *user_data),
- void *user_data, void (*free_user_data)(void *user_data))
-{
- server_opts.passwd_auth_clb = passwd_auth_clb;
- server_opts.passwd_auth_data = user_data;
- server_opts.passwd_auth_data_free = free_user_data;
-}
-
-API void
-nc_server_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct nc_session *session, ssh_session ssh_sess,
- ssh_message msg, void *user_data), void *user_data, void (*free_user_data)(void *user_data))
-{
- server_opts.interactive_auth_clb = interactive_auth_clb;
- server_opts.interactive_auth_data = user_data;
- server_opts.interactive_auth_data_free = free_user_data;
-}
-
-API void
-nc_server_ssh_set_pubkey_auth_clb(int (*pubkey_auth_clb)(const struct nc_session *session, ssh_key key, void *user_data),
- void *user_data, void (*free_user_data)(void *user_data))
-{
- server_opts.pubkey_auth_clb = pubkey_auth_clb;
- server_opts.pubkey_auth_data = user_data;
- server_opts.pubkey_auth_data_free = free_user_data;
-}
-
/**
* @brief Compare hashed password with a cleartext password for a match.
*
@@ -246,11 +219,7 @@
{
int auth_ret = 1;
- if (server_opts.passwd_auth_clb) {
- auth_ret = server_opts.passwd_auth_clb(session, ssh_message_auth_password(msg), server_opts.passwd_auth_data);
- } else {
- auth_ret = auth_password_compare_pwd(auth_client->password, ssh_message_auth_password(msg));
- }
+ auth_ret = auth_password_compare_pwd(auth_client->password, ssh_message_auth_password(msg));
if (auth_ret) {
++session->opts.server.ssh_auth_attempts;
@@ -704,17 +673,10 @@
{
int signature_state, ret = 0;
- if (server_opts.pubkey_auth_clb) {
- if (server_opts.pubkey_auth_clb(session, ssh_message_auth_pubkey(msg), server_opts.pubkey_auth_data)) {
- ret = 1;
- goto fail;
- }
- } else {
- if (auth_pubkey_compare_key(ssh_message_auth_pubkey(msg), auth_client)) {
- VRB(session, "User \"%s\" tried to use an unknown (unauthorized) public key.", session->username);
- ret = 1;
- goto fail;
- }
+ if (auth_pubkey_compare_key(ssh_message_auth_pubkey(msg), auth_client)) {
+ VRB(session, "User \"%s\" tried to use an unknown (unauthorized) public key.", session->username);
+ ret = 1;
+ goto fail;
}
signature_state = ssh_message_auth_publickey_state(msg);