diff options
| author | Damien Miller <djm@mindrot.org> | 2012-12-03 09:53:20 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2012-12-03 09:53:20 +1100 |
| commit | 15b05cfa17592da7470d7bd4b2de063188697471 (patch) | |
| tree | 50686085795dc25237f6aabe4c2a5963f38a6e06 /auth2-chall.c | |
| parent | aa5b3f831417bac9538d2b6f21d55fef278e8926 (diff) | |
- djm@cvs.openbsd.org 2012/12/02 20:34:10
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
[monitor.c monitor.h]
Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.
Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.
Fix multiple authentication when one of the methods is
keyboard-interactive.
ok markus@
Diffstat (limited to 'auth2-chall.c')
| -rw-r--r-- | auth2-chall.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/auth2-chall.c b/auth2-chall.c index e6dbffe22..8fdb33498 100644 --- a/auth2-chall.c +++ b/auth2-chall.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-chall.c,v 1.34 2008/12/09 04:32:22 djm Exp $ */ | 1 | /* $OpenBSD: auth2-chall.c,v 1.35 2012/12/02 20:34:09 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2001 Per Allansson. All rights reserved. | 4 | * Copyright (c) 2001 Per Allansson. All rights reserved. |
| @@ -283,7 +283,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) | |||
| 283 | KbdintAuthctxt *kbdintctxt; | 283 | KbdintAuthctxt *kbdintctxt; |
| 284 | int authenticated = 0, res; | 284 | int authenticated = 0, res; |
| 285 | u_int i, nresp; | 285 | u_int i, nresp; |
| 286 | char **response = NULL, *method; | 286 | char *devicename = NULL, **response = NULL; |
| 287 | 287 | ||
| 288 | if (authctxt == NULL) | 288 | if (authctxt == NULL) |
| 289 | fatal("input_userauth_info_response: no authctxt"); | 289 | fatal("input_userauth_info_response: no authctxt"); |
| @@ -329,9 +329,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) | |||
| 329 | /* Failure! */ | 329 | /* Failure! */ |
| 330 | break; | 330 | break; |
| 331 | } | 331 | } |
| 332 | 332 | devicename = kbdintctxt->device->name; | |
| 333 | xasprintf(&method, "keyboard-interactive/%s", kbdintctxt->device->name); | ||
| 334 | |||
| 335 | if (!authctxt->postponed) { | 333 | if (!authctxt->postponed) { |
| 336 | if (authenticated) { | 334 | if (authenticated) { |
| 337 | auth2_challenge_stop(authctxt); | 335 | auth2_challenge_stop(authctxt); |
| @@ -341,8 +339,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) | |||
| 341 | auth2_challenge_start(authctxt); | 339 | auth2_challenge_start(authctxt); |
| 342 | } | 340 | } |
| 343 | } | 341 | } |
| 344 | userauth_finish(authctxt, authenticated, method); | 342 | userauth_finish(authctxt, authenticated, "keyboard-interactive", |
| 345 | xfree(method); | 343 | devicename); |
| 346 | } | 344 | } |
| 347 | 345 | ||
| 348 | void | 346 | void |