summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2007-03-01 21:31:28 +1100
committerDarren Tucker <dtucker@zip.com.au>2007-03-01 21:31:28 +1100
commit1d75f22c5d99ce1a4c7a87c7ae042a33fbeefefb (patch)
treec2ba2b55799904f6954f858b0838d069677bf5af
parentcf0d2db2fa94c9e496c3fdd6bdf85e12d021cd50 (diff)
- dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c] Remove ChallengeResponseAuthentication support inside a Match block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation.
-rw-r--r--ChangeLog11
-rw-r--r--auth2.c6
-rw-r--r--servconf.c9
-rw-r--r--sshd_config.55
4 files changed, 19 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 79658c520..feee3ff98 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
120070301
2 - (dtucker) OpenBSD CVS Sync
3 - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
4 [auth2.c sshd_config.5 servconf.c]
5 Remove ChallengeResponseAuthentication support inside a Match
6 block as its interaction with KbdInteractive makes it difficult to
7 support. Also, relocate the CR/kbdint option special-case code into
8 servconf. "please commit" djm@, ok markus@ for the relocation.
9
120070228 1020070228
2 - (dtucker) OpenBSD CVS Sync 11 - (dtucker) OpenBSD CVS Sync
3 - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 12 - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
@@ -2773,4 +2782,4 @@
2773 OpenServer 6 and add osr5bigcrypt support so when someone migrates 2782 OpenServer 6 and add osr5bigcrypt support so when someone migrates
2774 passwords between UnixWare and OpenServer they will still work. OK dtucker@ 2783 passwords between UnixWare and OpenServer they will still work. OK dtucker@
2775 2784
2776$Id: ChangeLog,v 1.4624 2007/02/28 10:19:58 dtucker Exp $ 2785$Id: ChangeLog,v 1.4625 2007/03/01 10:31:28 dtucker Exp $
diff --git a/auth2.c b/auth2.c
index 2d880b57c..b1a4e3635 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */ 1/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -96,10 +96,6 @@ int user_key_allowed(struct passwd *, Key *);
96void 96void
97do_authentication2(Authctxt *authctxt) 97do_authentication2(Authctxt *authctxt)
98{ 98{
99 /* challenge-response is implemented via keyboard interactive */
100 if (options.challenge_response_authentication)
101 options.kbd_interactive_authentication = 1;
102
103 dispatch_init(&dispatch_protocol_error); 99 dispatch_init(&dispatch_protocol_error);
104 dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); 100 dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
105 dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); 101 dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
diff --git a/servconf.c b/servconf.c
index c6a8043de..1e3c213a5 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: servconf.c,v 1.169 2007/02/22 12:58:40 dtucker Exp $ */ 1/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -357,7 +357,7 @@ static struct {
357#endif 357#endif
358 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 358 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
359 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 359 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
360 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_ALL }, 360 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
361 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 361 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
362 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 362 { "checkmail", sDeprecated, SSHCFG_GLOBAL },
363 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 363 { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
@@ -1350,7 +1350,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
1350 M_CP_INTOPT(kerberos_authentication); 1350 M_CP_INTOPT(kerberos_authentication);
1351 M_CP_INTOPT(hostbased_authentication); 1351 M_CP_INTOPT(hostbased_authentication);
1352 M_CP_INTOPT(kbd_interactive_authentication); 1352 M_CP_INTOPT(kbd_interactive_authentication);
1353 M_CP_INTOPT(challenge_response_authentication);
1354 1353
1355 M_CP_INTOPT(allow_tcp_forwarding); 1354 M_CP_INTOPT(allow_tcp_forwarding);
1356 M_CP_INTOPT(gateway_ports); 1355 M_CP_INTOPT(gateway_ports);
@@ -1388,4 +1387,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
1388 if (bad_options > 0) 1387 if (bad_options > 0)
1389 fatal("%s: terminating, %d bad configuration options", 1388 fatal("%s: terminating, %d bad configuration options",
1390 filename, bad_options); 1389 filename, bad_options);
1390
1391 /* challenge-response is implemented via keyboard interactive */
1392 if (options->challenge_response_authentication == 1)
1393 options->kbd_interactive_authentication = 1;
1391} 1394}
diff --git a/sshd_config.5 b/sshd_config.5
index 54231d562..bcd0435e8 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.72 2007/02/19 10:45:58 dtucker Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.73 2007/03/01 10:28:02 dtucker Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -513,12 +513,11 @@ keyword.
513Available keywords are 513Available keywords are
514.Cm AllowTcpForwarding , 514.Cm AllowTcpForwarding ,
515.Cm Banner , 515.Cm Banner ,
516.Cm ChallengeResponseAuthentication ,
517.Cm ForceCommand , 516.Cm ForceCommand ,
518.Cm GatewayPorts , 517.Cm GatewayPorts ,
519.Cm GSSApiAuthentication , 518.Cm GSSApiAuthentication ,
520.Cm KerberosAuthentication , 519.Cm KerberosAuthentication ,
521.Cm KeyboardInteractiveAuthentication , 520.Cm KbdInteractiveAuthentication ,
522.Cm PasswordAuthentication , 521.Cm PasswordAuthentication ,
523.Cm PermitOpen , 522.Cm PermitOpen ,
524.Cm RhostsRSAAuthentication , 523.Cm RhostsRSAAuthentication ,