Remove the old in_commasep_string system.

It's just silly to have _two_ systems for traversing a string of comma-separated protocol ids. I think the new get_commasep_word technique for looping over the elements of a string is simpler and more general than the old membership-testing approach, and also it's necessary for the modern KEX untangling system (which has to be able to loop over one string, even if it used a membership test to check things in the other). So this commit rewrites the two remaining uses of in_commasep_string to use get_commasep_word instead, and deletes the former.
2025-07-18 11:31:00 -05:00 · 2018-12-06 18:35:27 +00:00
parent c99d37a7fe
commit 2cdff46d98
4 changed files with 36 additions and 65 deletions
--- a/ssh2userauth.c
+++ b/ssh2userauth.c
@ -575,26 +575,36 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
                /*
                 * Scan it for method identifiers we know about.
                 */
-                s->can_pubkey =
-                    in_commasep_string("publickey", methods.ptr, methods.len);
-                s->can_passwd =
-                    in_commasep_string("password", methods.ptr, methods.len);
-                s->can_keyb_inter =
-                    s->try_ki_auth &&
-                    in_commasep_string("keyboard-interactive",
-                                       methods.ptr, methods.len);
+                bool srv_pubkey = false, srv_passwd = false;
+                bool srv_keyb_inter = false, srv_gssapi = false;
+                bool srv_gssapi_keyex_auth = false;
+
+                for (ptrlen method; get_commasep_word(&methods, &method) ;) {
+                    if (ptrlen_eq_string(method, "publickey"))
+                        srv_pubkey = true;
+                    else if (ptrlen_eq_string(method, "password"))
+                        srv_passwd = true;
+                    else if (ptrlen_eq_string(method, "keyboard-interactive"))
+                        srv_keyb_inter = true;
+                    else if (ptrlen_eq_string(method, "gssapi-with-mic"))
+                        srv_gssapi = true;
+                    else if (ptrlen_eq_string(method, "gssapi-keyex"))
+                        srv_gssapi_keyex_auth = true;
+                }
+
+                /*
+                 * And combine those flags with our own configuration
+                 * and context to set the main can_foo variables.
+                 */
+                s->can_pubkey = srv_pubkey;
+                s->can_passwd = srv_passwd;
+                s->can_keyb_inter = s->try_ki_auth && srv_keyb_inter;
 #ifndef NO_GSSAPI
-                s->can_gssapi =
-                    s->try_gssapi_auth &&
-                    in_commasep_string("gssapi-with-mic",
-                                       methods.ptr, methods.len) &&
+                s->can_gssapi = s->try_gssapi_auth && srv_gssapi &&
                    s->shgss->libs->nlibraries > 0;
-                s->can_gssapi_keyex_auth =
-                    s->try_gssapi_kex_auth &&
-                    in_commasep_string("gssapi-keyex",
-                                       methods.ptr, methods.len) &&
-                    s->shgss->libs->nlibraries > 0 &&
-                    s->shgss->ctx;
+                s->can_gssapi_keyex_auth = s->try_gssapi_kex_auth &&
+                    srv_gssapi_keyex_auth &&
+                    s->shgss->libs->nlibraries > 0 && s->shgss->ctx;
 #endif
            }