- dtucker@cvs.openbsd.org 2007/03/09 05:20:06

[servconf.c sshd.c] Move C/R -> kbdint special case to after the defaults have been loaded, which makes ChallengeResponse default to yes again. This was broken by the Match changes and not fixed properly subsequently. Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
author: Darren Tucker <dtucker@zip.com.au> 2007-03-21 20:38:53 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2007-03-21 20:38:53 +1100
commit: 97b1bb568c534ce6cc664f2f91be5aa1b76ce4a4 (patch)
tree: 38d8793fe8cc3c97b8c5caac018aed95e8edfa85
parent: 5548e8cf2ea9be7c45cb6d1ee4b91e2c673123d3 (diff)
3 files changed, 16 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 27aa603b9..977c8a29e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+20070321
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
+     [servconf.c sshd.c]
+     Move C/R -> kbdint special case to after the defaults have been
+     loaded, which makes ChallengeResponse default to yes again.  This
+     was broken by the Match changes and not fixed properly subsequently.
+     Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
 20070313
 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
   string.h to prevent warnings, from vapier at gentoo.org.
@@ -2826,4 +2835,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4640 2007/03/13 10:00:45 dtucker Exp $
+$Id: ChangeLog,v 1.4641 2007/03/21 09:38:53 dtucker Exp $
diff --git a/servconf.c b/servconf.c
index 1e3c213a5..d98650251 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.171 2007/03/09 05:20:06 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -1387,8 +1387,4 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
        if (bad_options > 0)
                fatal("%s: terminating, %d bad configuration options",
                    filename, bad_options);
-        /* challenge-response is implemented via keyboard interactive */
-        if (options->challenge_response_authentication == 1)
-                options->kbd_interactive_authentication = 1;
 }
diff --git a/sshd.c b/sshd.c
index 0a76f2d3a..7135c4dd3 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.349 2007/02/21 11:00:05 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.350 2007/03/09 05:20:06 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1421,6 +1421,10 @@ main(int ac, char **av)
        /* Fill in default values for those options not explicitly set. */
        fill_default_server_options(&options);
+        /* challenge-response is implemented via keyboard interactive */
+        if (options.challenge_response_authentication)
+                options.kbd_interactive_authentication = 1;
        /* set default channel AF */
        channel_set_af(options.address_family);
author	Darren Tucker <dtucker@zip.com.au>	2007-03-21 20:38:53 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2007-03-21 20:38:53 +1100
commit	97b1bb568c534ce6cc664f2f91be5aa1b76ce4a4 (patch)
tree	38d8793fe8cc3c97b8c5caac018aed95e8edfa85
parent	5548e8cf2ea9be7c45cb6d1ee4b91e2c673123d3 (diff)