- markus@cvs.openbsd.org 2001/08/31 11:46:39

[sshconnect2.c] disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST messages
author: Ben Lindstrom <mouring@eviladmin.org> 2001-09-12 18:29:00 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-09-12 18:29:00 +0000
commit: 7d199962015ad042208beb54cf4a8fb72053f468 (patch)
tree: 09c89d97fae22eb9fbbc40f97370031c53effb8d
parent: 520b55c8c410061c9a16417a6ec879967b1ea95a (diff)
2 files changed, 18 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 40f69e845..8b9aa4dc8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -73,6 +73,10 @@
   - markus@cvs.openbsd.org 2001/08/30 22:22:32
     [ssh-keyscan.c]
     do not pass pointers to longjmp; fix from wayne@blorf.net
+   - markus@cvs.openbsd.org 2001/08/31 11:46:39
+     [sshconnect2.c]
+     disable kbd-interactive if we don't get 
+     SSH2_MSG_USERAUTH_INFO_REQUEST messages
 20010815
 - (bal) Fixed stray code in readconf.c that went in by mistake.
@@ -6396,4 +6400,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1506 2001/09/12 18:05:05 mouring Exp $
+$Id: ChangeLog,v 1.1507 2001/09/12 18:29:00 mouring Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index a86d0036b..a7beb3600 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.81 2001/07/23 09:06:28 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.82 2001/08/31 11:46:39 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -164,6 +164,8 @@ struct Authctxt {
        /* hostbased */
        Key **keys;
        int nkeys;
+        /* kbd-interactive */
+        int info_req_seen;
 };
 struct Authmethod {
        char    *name;          /* string to compare against server's list */
@@ -252,6 +254,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
                options.preferred_authentications = authmethods_get();
        /* setup authentication context */
+        memset(&authctxt, 0, sizeof(authctxt));
        authctxt.agent = ssh_get_authentication_connection();
        authctxt.server_user = server_user;
        authctxt.local_user = local_user;
@@ -262,6 +265,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
        authctxt.authlist = NULL;
        authctxt.keys = keys;
        authctxt.nkeys = nkeys;
+        authctxt.info_req_seen = 0;
        if (authctxt.method == NULL)
                fatal("ssh_userauth2: internal error: cannot send userauth none request");
@@ -739,6 +743,12 @@ userauth_kbdint(Authctxt *authctxt)
        if (attempt++ >= options.number_of_password_prompts)
                return 0;
+        /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
+        if (attempt > 1 && !authctxt->info_req_seen) {
+                debug3("userauth_kbdint: disable: no info_req_seen");
+                dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
+                return 0;
+        }
        debug2("userauth_kbdint");
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -770,6 +780,8 @@ input_userauth_info_req(int type, int plen, void *ctxt)
        if (authctxt == NULL)
                fatal("input_userauth_info_req: no authentication context");
+        authctxt->info_req_seen = 1;
        name = packet_get_string(NULL);
        inst = packet_get_string(NULL);
        lang = packet_get_string(NULL);
author	Ben Lindstrom <mouring@eviladmin.org>	2001-09-12 18:29:00 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-09-12 18:29:00 +0000
commit	7d199962015ad042208beb54cf4a8fb72053f468 (patch)
tree	09c89d97fae22eb9fbbc40f97370031c53effb8d
parent	520b55c8c410061c9a16417a6ec879967b1ea95a (diff)