summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2015-07-18 07:57:14 +0000
committerColin Watson <cjwatson@debian.org>2015-11-24 20:45:17 +0000
commit0bcdac377a097516ed875bfa000598d6cca86c13 (patch)
treec87de4279c6a59b90ffd6ef3a4487a250eec8c9f
parentfddd7fcb2ccb2cfdd88328d1149c0c31fcf21447 (diff)
only query each keyboard-interactive device once per authentication request regardless of how many times it is listed
ok markus@ Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18 Forwarded: not-needed Last-Update: 2015-08-19 Patch-Name: backport-kbdint-duplicates.patch
-rw-r--r--auth2-chall.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/auth2-chall.c b/auth2-chall.c
index ddabe1a90..4aff09d80 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */ 1/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2001 Per Allansson. All rights reserved. 4 * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -83,6 +83,7 @@ struct KbdintAuthctxt
83 void *ctxt; 83 void *ctxt;
84 KbdintDevice *device; 84 KbdintDevice *device;
85 u_int nreq; 85 u_int nreq;
86 u_int devices_done;
86}; 87};
87 88
88#ifdef USE_PAM 89#ifdef USE_PAM
@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
169 if (len == 0) 170 if (len == 0)
170 break; 171 break;
171 for (i = 0; devices[i]; i++) { 172 for (i = 0; devices[i]; i++) {
172 if (!auth2_method_allowed(authctxt, 173 if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
174 !auth2_method_allowed(authctxt,
173 "keyboard-interactive", devices[i]->name)) 175 "keyboard-interactive", devices[i]->name))
174 continue; 176 continue;
175 if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) 177 if (strncmp(kbdintctxt->devices, devices[i]->name,
178 len) == 0) {
176 kbdintctxt->device = devices[i]; 179 kbdintctxt->device = devices[i];
180 kbdintctxt->devices_done |= 1 << i;
181 }
177 } 182 }
178 t = kbdintctxt->devices; 183 t = kbdintctxt->devices;
179 kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; 184 kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;