- OpenBSD CVS Changes

   - [canohost.c]
     fix get_remote_port() and friends for sshd -i;
     Holger.Trapp@Informatik.TU-Chemnitz.DE
   - [mpaux.c]
     make code simpler. no need for memcpy. niels@ ok
   - [pty.c]
     namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
     fix proto; markus
   - [ssh.1]
      typo; mark.baushke@solipsa.com
   - [channels.c ssh.c ssh.h sshd.c]
     type conflict for 'extern Type *options' in channels.c; dot@dotat.at
   - [sshconnect.c]
     move checking of hostkey into own function.
   - [version.h]
     OpenSSH-1.2.1

1 files changed, 20 insertions, 16 deletions

diff --git a/sshd.c b/sshd.c
index 55608c0a4..3e9ff907b 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.37 1999/12/08 23:31:37 damien Exp $");
+RCSID("$Id: sshd.c,v 1.38 1999/12/13 23:47:16 damien Exp $");
 
 #include <poll.h>
 
@@ -960,7 +960,7 @@ do_connection()
         unsigned char check_bytes[8];
         char *user;
         unsigned int cipher_type, auth_mask, protocol_flags;
-        int plen, slen;
+        int plen, slen, ulen;
         u_int32_t rand = 0;
 
         /*
@@ -1139,11 +1139,8 @@ do_connection()
         packet_read_expect(&plen, SSH_CMSG_USER);
 
         /* Get the user name. */
-        {
-                int ulen;
-                user = packet_get_string(&ulen);
-                packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
-        }
+        user = packet_get_string(&ulen);
+        packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
 
         /* Destroy the private and public keys.  They will no longer be needed. */
         RSA_free(public_key);
@@ -1646,15 +1643,22 @@ do_fake_authloop(char *user)
 #ifdef SKEY
                 int dlen;
                 char *password, *skeyinfo;
-                if (options.password_authentication &&
-                    options.skey_authentication == 1 &&
-                    type == SSH_CMSG_AUTH_PASSWORD &&
-                    (password = packet_get_string(&dlen)) != NULL &&
-                    dlen == 5 &&
-                    strncasecmp(password, "s/key", 5) == 0 &&
+                /* Try to send a fake s/key challenge. */
+                if (options.skey_authentication == 1 &&
                     (skeyinfo = skey_fake_keyinfo(user)) != NULL) {
-                        /* Send a fake s/key challenge. */
-                        packet_send_debug(skeyinfo);
+                        if (type == SSH_CMSG_AUTH_TIS) {
+                                packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
+                                packet_put_string(skeyinfo, strlen(skeyinfo));
+                                packet_send();
+                                packet_write_wait();
+                                continue;
+                        } else if (type == SSH_CMSG_AUTH_PASSWORD &&
+                                   options.password_authentication &&
+                                   (password = packet_get_string(&dlen)) != NULL &&
+                                   dlen == 5 &&
+                                   strncasecmp(password, "s/key", 5) == 0 ) {
+                                packet_send_debug(skeyinfo);
+                        }
                 }
 #endif
                 if (attempt > AUTH_FAIL_MAX)
@@ -1836,7 +1840,7 @@ do_authenticated(struct passwd * pw)
                                 screen = packet_get_int();
                         else
                                 screen = 0;
-                        display = x11_create_display_inet(screen);
+                        display = x11_create_display_inet(screen, options.x11_display_offset);
                         if (!display)
                                 goto fail;