diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-12 18:29:00 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-12 18:29:00 +0000 |
commit | 7d199962015ad042208beb54cf4a8fb72053f468 (patch) | |
tree | 09c89d97fae22eb9fbbc40f97370031c53effb8d | |
parent | 520b55c8c410061c9a16417a6ec879967b1ea95a (diff) |
- markus@cvs.openbsd.org 2001/08/31 11:46:39
[sshconnect2.c]
disable kbd-interactive if we don't get
SSH2_MSG_USERAUTH_INFO_REQUEST messages
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sshconnect2.c | 14 |
2 files changed, 18 insertions, 2 deletions
@@ -73,6 +73,10 @@ | |||
73 | - markus@cvs.openbsd.org 2001/08/30 22:22:32 | 73 | - markus@cvs.openbsd.org 2001/08/30 22:22:32 |
74 | [ssh-keyscan.c] | 74 | [ssh-keyscan.c] |
75 | do not pass pointers to longjmp; fix from wayne@blorf.net | 75 | do not pass pointers to longjmp; fix from wayne@blorf.net |
76 | - markus@cvs.openbsd.org 2001/08/31 11:46:39 | ||
77 | [sshconnect2.c] | ||
78 | disable kbd-interactive if we don't get | ||
79 | SSH2_MSG_USERAUTH_INFO_REQUEST messages | ||
76 | 80 | ||
77 | 20010815 | 81 | 20010815 |
78 | - (bal) Fixed stray code in readconf.c that went in by mistake. | 82 | - (bal) Fixed stray code in readconf.c that went in by mistake. |
@@ -6396,4 +6400,4 @@ | |||
6396 | - Wrote replacements for strlcpy and mkdtemp | 6400 | - Wrote replacements for strlcpy and mkdtemp |
6397 | - Released 1.0pre1 | 6401 | - Released 1.0pre1 |
6398 | 6402 | ||
6399 | $Id: ChangeLog,v 1.1506 2001/09/12 18:05:05 mouring Exp $ | 6403 | $Id: ChangeLog,v 1.1507 2001/09/12 18:29:00 mouring Exp $ |
diff --git a/sshconnect2.c b/sshconnect2.c index a86d0036b..a7beb3600 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: sshconnect2.c,v 1.81 2001/07/23 09:06:28 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.82 2001/08/31 11:46:39 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
@@ -164,6 +164,8 @@ struct Authctxt { | |||
164 | /* hostbased */ | 164 | /* hostbased */ |
165 | Key **keys; | 165 | Key **keys; |
166 | int nkeys; | 166 | int nkeys; |
167 | /* kbd-interactive */ | ||
168 | int info_req_seen; | ||
167 | }; | 169 | }; |
168 | struct Authmethod { | 170 | struct Authmethod { |
169 | char *name; /* string to compare against server's list */ | 171 | char *name; /* string to compare against server's list */ |
@@ -252,6 +254,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
252 | options.preferred_authentications = authmethods_get(); | 254 | options.preferred_authentications = authmethods_get(); |
253 | 255 | ||
254 | /* setup authentication context */ | 256 | /* setup authentication context */ |
257 | memset(&authctxt, 0, sizeof(authctxt)); | ||
255 | authctxt.agent = ssh_get_authentication_connection(); | 258 | authctxt.agent = ssh_get_authentication_connection(); |
256 | authctxt.server_user = server_user; | 259 | authctxt.server_user = server_user; |
257 | authctxt.local_user = local_user; | 260 | authctxt.local_user = local_user; |
@@ -262,6 +265,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
262 | authctxt.authlist = NULL; | 265 | authctxt.authlist = NULL; |
263 | authctxt.keys = keys; | 266 | authctxt.keys = keys; |
264 | authctxt.nkeys = nkeys; | 267 | authctxt.nkeys = nkeys; |
268 | authctxt.info_req_seen = 0; | ||
265 | if (authctxt.method == NULL) | 269 | if (authctxt.method == NULL) |
266 | fatal("ssh_userauth2: internal error: cannot send userauth none request"); | 270 | fatal("ssh_userauth2: internal error: cannot send userauth none request"); |
267 | 271 | ||
@@ -739,6 +743,12 @@ userauth_kbdint(Authctxt *authctxt) | |||
739 | 743 | ||
740 | if (attempt++ >= options.number_of_password_prompts) | 744 | if (attempt++ >= options.number_of_password_prompts) |
741 | return 0; | 745 | return 0; |
746 | /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ | ||
747 | if (attempt > 1 && !authctxt->info_req_seen) { | ||
748 | debug3("userauth_kbdint: disable: no info_req_seen"); | ||
749 | dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); | ||
750 | return 0; | ||
751 | } | ||
742 | 752 | ||
743 | debug2("userauth_kbdint"); | 753 | debug2("userauth_kbdint"); |
744 | packet_start(SSH2_MSG_USERAUTH_REQUEST); | 754 | packet_start(SSH2_MSG_USERAUTH_REQUEST); |
@@ -770,6 +780,8 @@ input_userauth_info_req(int type, int plen, void *ctxt) | |||
770 | if (authctxt == NULL) | 780 | if (authctxt == NULL) |
771 | fatal("input_userauth_info_req: no authentication context"); | 781 | fatal("input_userauth_info_req: no authentication context"); |
772 | 782 | ||
783 | authctxt->info_req_seen = 1; | ||
784 | |||
773 | name = packet_get_string(NULL); | 785 | name = packet_get_string(NULL); |
774 | inst = packet_get_string(NULL); | 786 | inst = packet_get_string(NULL); |
775 | lang = packet_get_string(NULL); | 787 | lang = packet_get_string(NULL); |