diff options
| author | Damien Miller <djm@mindrot.org> | 2003-11-17 21:09:50 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2003-11-17 21:09:50 +1100 |
| commit | 3e8f41e6ac9b4c39c667067e4bad8160095743f9 (patch) | |
| tree | 7d12865457a4d9c65b33d5dbae89d2570c9e8d4e /auth-chall.c | |
| parent | 203c40b513853503417f030cd6557c6991431a97 (diff) | |
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/11/03 09:03:37
[auth-chall.c]
make this a little more idiot-proof; ok markus@
(includes portable-specific changes)
Diffstat (limited to 'auth-chall.c')
| -rw-r--r-- | auth-chall.c | 44 |
1 files changed, 23 insertions, 21 deletions
diff --git a/auth-chall.c b/auth-chall.c index 00d6e0ec5..dd55d6eb0 100644 --- a/auth-chall.c +++ b/auth-chall.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $"); | 26 | RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $"); |
| 27 | 27 | ||
| 28 | #include "auth.h" | 28 | #include "auth.h" |
| 29 | #include "log.h" | 29 | #include "log.h" |
| @@ -67,36 +67,38 @@ get_challenge(Authctxt *authctxt) | |||
| 67 | int | 67 | int |
| 68 | verify_response(Authctxt *authctxt, const char *response) | 68 | verify_response(Authctxt *authctxt, const char *response) |
| 69 | { | 69 | { |
| 70 | char *resp[1]; | 70 | char *resp[1], *name, *info, **prompts; |
| 71 | int res; | 71 | u_int i, numprompts, *echo_on; |
| 72 | int authenticated = 0; | ||
| 72 | 73 | ||
| 73 | if (device == NULL) | 74 | if (device == NULL) |
| 74 | return 0; | 75 | return 0; |
| 75 | if (authctxt->kbdintctxt == NULL) | 76 | if (authctxt->kbdintctxt == NULL) |
| 76 | return 0; | 77 | return 0; |
| 77 | resp[0] = (char *)response; | 78 | resp[0] = (char *)response; |
| 78 | res = device->respond(authctxt->kbdintctxt, 1, resp); | 79 | switch (device->respond(authctxt->kbdintctxt, 1, resp)) { |
| 79 | if (res == 1) { | 80 | case 0: /* Success */ |
| 80 | /* postponed - send a null query just in case */ | 81 | authenticated = 1; |
| 81 | char *name, *info, **prompts; | 82 | break; |
| 82 | u_int i, numprompts, *echo_on; | 83 | case 1: /* Postponed - retry with empty query for PAM */ |
| 84 | if ((device->query(authctxt->kbdintctxt, &name, &info, | ||
| 85 | &numprompts, &prompts, &echo_on)) != 0) | ||
| 86 | break; | ||
| 87 | if (numprompts == 0 && | ||
| 88 | device->respond(authctxt->kbdintctxt, 0, resp) == 0) | ||
| 89 | authenticated = 1; | ||
| 83 | 90 | ||
| 84 | res = device->query(authctxt->kbdintctxt, &name, &info, | 91 | for (i = 0; i < numprompts; i++) |
| 85 | &numprompts, &prompts, &echo_on); | 92 | xfree(prompts[i]); |
| 86 | if (res == 0) { | 93 | xfree(prompts); |
| 87 | for (i = 0; i < numprompts; i++) | 94 | xfree(name); |
| 88 | xfree(prompts[i]); | 95 | xfree(echo_on); |
| 89 | xfree(prompts); | 96 | xfree(info); |
| 90 | xfree(name); | 97 | break; |
| 91 | xfree(echo_on); | ||
| 92 | xfree(info); | ||
| 93 | } | ||
| 94 | /* if we received more prompts, we're screwed */ | ||
| 95 | res = (res == 0 && numprompts == 0) ? 0 : -1; | ||
| 96 | } | 98 | } |
| 97 | device->free_ctx(authctxt->kbdintctxt); | 99 | device->free_ctx(authctxt->kbdintctxt); |
| 98 | authctxt->kbdintctxt = NULL; | 100 | authctxt->kbdintctxt = NULL; |
| 99 | return res ? 0 : 1; | 101 | return authenticated; |
| 100 | } | 102 | } |
| 101 | void | 103 | void |
| 102 | abandon_challenge_response(Authctxt *authctxt) | 104 | abandon_challenge_response(Authctxt *authctxt) |