diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2007-03-01 21:31:28 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2007-03-01 21:31:28 +1100 |
| commit | 1d75f22c5d99ce1a4c7a87c7ae042a33fbeefefb (patch) | |
| tree | c2ba2b55799904f6954f858b0838d069677bf5af | |
| parent | cf0d2db2fa94c9e496c3fdd6bdf85e12d021cd50 (diff) | |
- dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c]
Remove ChallengeResponseAuthentication support inside a Match
block as its interaction with KbdInteractive makes it difficult to
support. Also, relocate the CR/kbdint option special-case code into
servconf. "please commit" djm@, ok markus@ for the relocation.
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | auth2.c | 6 | ||||
| -rw-r--r-- | servconf.c | 9 | ||||
| -rw-r--r-- | sshd_config.5 | 5 |
4 files changed, 19 insertions, 12 deletions
| @@ -1,3 +1,12 @@ | |||
| 1 | 20070301 | ||
| 2 | - (dtucker) OpenBSD CVS Sync | ||
| 3 | - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 | ||
| 4 | [auth2.c sshd_config.5 servconf.c] | ||
| 5 | Remove ChallengeResponseAuthentication support inside a Match | ||
| 6 | block as its interaction with KbdInteractive makes it difficult to | ||
| 7 | support. Also, relocate the CR/kbdint option special-case code into | ||
| 8 | servconf. "please commit" djm@, ok markus@ for the relocation. | ||
| 9 | |||
| 1 | 20070228 | 10 | 20070228 |
| 2 | - (dtucker) OpenBSD CVS Sync | 11 | - (dtucker) OpenBSD CVS Sync |
| 3 | - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 | 12 | - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 |
| @@ -2773,4 +2782,4 @@ | |||
| 2773 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 2782 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 2774 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 2783 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 2775 | 2784 | ||
| 2776 | $Id: ChangeLog,v 1.4624 2007/02/28 10:19:58 dtucker Exp $ | 2785 | $Id: ChangeLog,v 1.4625 2007/03/01 10:31:28 dtucker Exp $ |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -96,10 +96,6 @@ int user_key_allowed(struct passwd *, Key *); | |||
| 96 | void | 96 | void |
| 97 | do_authentication2(Authctxt *authctxt) | 97 | do_authentication2(Authctxt *authctxt) |
| 98 | { | 98 | { |
| 99 | /* challenge-response is implemented via keyboard interactive */ | ||
| 100 | if (options.challenge_response_authentication) | ||
| 101 | options.kbd_interactive_authentication = 1; | ||
| 102 | |||
| 103 | dispatch_init(&dispatch_protocol_error); | 99 | dispatch_init(&dispatch_protocol_error); |
| 104 | dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); | 100 | dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); |
| 105 | dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); | 101 | dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); |
diff --git a/servconf.c b/servconf.c index c6a8043de..1e3c213a5 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.c,v 1.169 2007/02/22 12:58:40 dtucker Exp $ */ | 1 | /* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -357,7 +357,7 @@ static struct { | |||
| 357 | #endif | 357 | #endif |
| 358 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 358 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 359 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 359 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 360 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_ALL }, | 360 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
| 361 | { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ | 361 | { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ |
| 362 | { "checkmail", sDeprecated, SSHCFG_GLOBAL }, | 362 | { "checkmail", sDeprecated, SSHCFG_GLOBAL }, |
| 363 | { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, | 363 | { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, |
| @@ -1350,7 +1350,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1350 | M_CP_INTOPT(kerberos_authentication); | 1350 | M_CP_INTOPT(kerberos_authentication); |
| 1351 | M_CP_INTOPT(hostbased_authentication); | 1351 | M_CP_INTOPT(hostbased_authentication); |
| 1352 | M_CP_INTOPT(kbd_interactive_authentication); | 1352 | M_CP_INTOPT(kbd_interactive_authentication); |
| 1353 | M_CP_INTOPT(challenge_response_authentication); | ||
| 1354 | 1353 | ||
| 1355 | M_CP_INTOPT(allow_tcp_forwarding); | 1354 | M_CP_INTOPT(allow_tcp_forwarding); |
| 1356 | M_CP_INTOPT(gateway_ports); | 1355 | M_CP_INTOPT(gateway_ports); |
| @@ -1388,4 +1387,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, | |||
| 1388 | if (bad_options > 0) | 1387 | if (bad_options > 0) |
| 1389 | fatal("%s: terminating, %d bad configuration options", | 1388 | fatal("%s: terminating, %d bad configuration options", |
| 1390 | filename, bad_options); | 1389 | filename, bad_options); |
| 1390 | |||
| 1391 | /* challenge-response is implemented via keyboard interactive */ | ||
| 1392 | if (options->challenge_response_authentication == 1) | ||
| 1393 | options->kbd_interactive_authentication = 1; | ||
| 1391 | } | 1394 | } |
diff --git a/sshd_config.5 b/sshd_config.5 index 54231d562..bcd0435e8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd_config.5,v 1.72 2007/02/19 10:45:58 dtucker Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.73 2007/03/01 10:28:02 dtucker Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| @@ -513,12 +513,11 @@ keyword. | |||
| 513 | Available keywords are | 513 | Available keywords are |
| 514 | .Cm AllowTcpForwarding , | 514 | .Cm AllowTcpForwarding , |
| 515 | .Cm Banner , | 515 | .Cm Banner , |
| 516 | .Cm ChallengeResponseAuthentication , | ||
| 517 | .Cm ForceCommand , | 516 | .Cm ForceCommand , |
| 518 | .Cm GatewayPorts , | 517 | .Cm GatewayPorts , |
| 519 | .Cm GSSApiAuthentication , | 518 | .Cm GSSApiAuthentication , |
| 520 | .Cm KerberosAuthentication , | 519 | .Cm KerberosAuthentication , |
| 521 | .Cm KeyboardInteractiveAuthentication , | 520 | .Cm KbdInteractiveAuthentication , |
| 522 | .Cm PasswordAuthentication , | 521 | .Cm PasswordAuthentication , |
| 523 | .Cm PermitOpen , | 522 | .Cm PermitOpen , |
| 524 | .Cm RhostsRSAAuthentication , | 523 | .Cm RhostsRSAAuthentication , |