===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2.c,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -r1.168 -r1.169
--- src/usr.bin/ssh/auth2.c 2023/12/18 14:45:49 1.168
+++ src/usr.bin/ssh/auth2.c 2024/05/17 00:30:23 1.169
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.168 2023/12/18 14:45:49 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.169 2024/05/17 00:30:23 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -141,7 +141,7 @@
 	if (options.banner == NULL)
 		return;
-	if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
+	if ((banner = mm_auth2_read_banner()) == NULL)
 		goto done;
 
 	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_BANNER)) != 0 ||
@@ -281,7 +281,7 @@
 		auth_maxtries_exceeded(ssh);
 	if (authctxt->attempt++ == 0) {
 		/* setup auth context */
-		authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
+		authctxt->pw = mm_getpwnamallow(ssh, user);
 		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
 			authctxt->valid = 1;
 			debug2_f("setting up authctxt for %s", user);
@@ -292,13 +292,11 @@
 	}
 	ssh_packet_set_log_preamble(ssh, "%suser %s",
 	    authctxt->valid ? "authenticating " : "invalid ", user);
-	setproctitle("%s%s", authctxt->valid ? user : "unknown",
-	    use_privsep ? " [net]" : "");
+	setproctitle("%s [net]", authctxt->valid ? user : "unknown");
 	authctxt->user = xstrdup(user);
 	authctxt->service = xstrdup(service);
 	authctxt->style = style ? xstrdup(style) : NULL;
-	if (use_privsep)
-		mm_inform_authserv(service, style);
+	mm_inform_authserv(service, style);
 	userauth_banner(ssh);
 	if ((r = kex_server_update_ext_info(ssh)) != 0)
 		fatal_fr(r, "kex_server_update_ext_info failed");
@@ -362,7 +360,7 @@
 		/* prefer primary authmethod name to possible synonym */
 		if ((m = authmethod_byname(method)) == NULL)
 			fatal("INTERNAL ERROR: bad method %s", method);
-		method = m->name;
+		method = m->cfg->name;
 	}
 
 	/* Special handling for root */
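Review bot: The direct `mm_auth2_read_banner()` call in the @@ -141 hunk quietly turns `userauth_banner` into a function that is only valid in the unprivileged privsep child with a monitor on the other end of the socket, and nothing in the hunk records that contract now that the `PRIVSEP()` wrapper and the in-process `auth2_read_banner()` fallback are gone. A one-line comment above the call, `/* always privsep: the monitor reads options.banner for us */`, would tell a future reader why there is no longer a direct file-reading path here; that the monitor performs the read is inferred from the `mm_` prefix, since the monitor side is not in this diff. The function's opening and its `done:` label lie outside the hunk.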
@@ -453,16 +451,16 @@
 	if ((b = sshbuf_new()) == NULL)
 		fatal_f("sshbuf_new failed");
 	for (i = 0; authmethods[i] != NULL; i++) {
-		if (strcmp(authmethods[i]->name, "none") == 0)
+		if (strcmp(authmethods[i]->cfg->name, "none") == 0)
 			continue;
-		if (authmethods[i]->enabled == NULL ||
-		    *(authmethods[i]->enabled) == 0)
+		if (authmethods[i]->cfg->enabled == NULL ||
+		    *(authmethods[i]->cfg->enabled) == 0)
 			continue;
-		if (!auth2_method_allowed(authctxt, authmethods[i]->name,
+		if (!auth2_method_allowed(authctxt, authmethods[i]->cfg->name,
 		    NULL))
 			continue;
 		if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
-		    authmethods[i]->name)) != 0)
+		    authmethods[i]->cfg->name)) != 0)
 			fatal_fr(r, "buffer error");
 	}
 	if ((list = sshbuf_dup_string(b)) == NULL)
@@ -479,9 +477,9 @@
 	if (name == NULL)
 		fatal_f("NULL authentication method name");
 	for (i = 0; authmethods[i] != NULL; i++) {
-		if (strcmp(name, authmethods[i]->name) == 0 ||
-		    (authmethods[i]->synonym != NULL &&
-		    strcmp(name, authmethods[i]->synonym) == 0))
+		if (strcmp(name, authmethods[i]->cfg->name) == 0 ||
+		    (authmethods[i]->cfg->synonym != NULL &&
+		    strcmp(name, authmethods[i]->cfg->synonym) == 0))
 			return authmethods[i];
 	}
 	debug_f("unrecognized authentication method name: %s", name);
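Review bot: The rewritten checks in the @@ -453 hunk guard against `authmethods[i]->cfg->enabled` being NULL but never against `authmethods[i]->cfg` itself being NULL, so a table entry whose `cfg` was left unset would crash this loop (and `authmethod_byname` just below, which dereferences `cfg->name` and `cfg->synonym` the same way) instead of being skipped or reported. If every entry is guaranteed a `cfg` — the table definition is not in this diff — a single explicit guard at the top of the loop body makes the invariant visible and costs nothing: `if (authmethods[i]->cfg == NULL) fatal_f("authmethod without cfg");`. Placing that check once where the table is built would cover the `m->cfg->name` use in the earlier hunk as well. Both enclosing functions begin outside their hunks.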
@@ -496,63 +494,16 @@
 	if ((method = authmethod_byname(name)) == NULL)
 		return NULL;
 
-	if (method->enabled == NULL || *(method->enabled) == 0) {
+	if (method->cfg->enabled == NULL || *(method->cfg->enabled) == 0) {
 		debug3_f("method %s not enabled", name);
 		return NULL;
 	}
-	if (!auth2_method_allowed(authctxt, method->name, NULL)) {
+	if (!auth2_method_allowed(authctxt, method->cfg->name, NULL)) {
 		debug3_f("method %s not allowed "
 		    "by AuthenticationMethods", name);
 		return NULL;
 	}
 	return method;
-}
-
-/*
- * Check a comma-separated list of methods for validity. Is need_enable is
- * non-zero, then also require that the methods are enabled.
- * Returns 0 on success or -1 if the methods list is invalid.
- */
-int
-auth2_methods_valid(const char *_methods, int need_enable)
-{
-	char *methods, *omethods, *method, *p;
-	u_int i, found;
-	int ret = -1;
-
-	if (*_methods == '\0') {
-		error("empty authentication method list");
-		return -1;
-	}
-	omethods = methods = xstrdup(_methods);
-	while ((method = strsep(&methods, ",")) != NULL) {
-		for (found = i = 0; !found && authmethods[i] != NULL; i++) {
-			if ((p = strchr(method, ':')) != NULL)
-				*p = '\0';
-			if (strcmp(method, authmethods[i]->name) != 0)
-				continue;
-			if (need_enable) {
-				if (authmethods[i]->enabled == NULL ||
-				    *(authmethods[i]->enabled) == 0) {
-					error("Disabled method \"%s\" in "
-					    "AuthenticationMethods list \"%s\"",
-					    method, _methods);
-					goto out;
-				}
-			}
-			found = 1;
-			break;
-		}
-		if (!found) {
-			error("Unknown authentication method \"%s\" in list",
-			    method);
-			goto out;
-		}
-	}
-	ret = 0;
- out:
-	free(omethods);
-	return ret;
 }
 
 /*
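Review bot: With `auth2_methods_valid()` gone from this file, nothing visible on the new side of this diff validates the AuthenticationMethods list at config-parse time, so a reader cannot confirm that unknown or disabled method names are still rejected when sshd_config is loaded rather than only when a client tries to authenticate. The runtime path is unaffected — `authmethod_lookup` above still refuses a method that is not enabled or not allowed — so the exposure is a misconfiguration that surfaces late, not an authentication bypass, but if the validator was relocated (the destination is not in this diff) the commit should say where and that the `need_enable` check survived the move. The start of `authmethod_lookup` is outside the hunk.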