diff options
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | auth-chall.c | 44 |
2 files changed, 32 insertions, 22 deletions
@@ -1,3 +1,11 @@ | |||
1 | 20031117 | ||
2 | - (djm) OpenBSD CVS Sync | ||
3 | - djm@cvs.openbsd.org 2003/11/03 09:03:37 | ||
4 | [auth-chall.c] | ||
5 | make this a little more idiot-proof; ok markus@ | ||
6 | (includes portable-specific changes) | ||
7 | |||
8 | |||
1 | 20031115 | 9 | 20031115 |
2 | - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and | 10 | - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and |
3 | HP-UX, skip test on AIX. | 11 | HP-UX, skip test on AIX. |
@@ -1417,4 +1425,4 @@ | |||
1417 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1425 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
1418 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1426 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
1419 | 1427 | ||
1420 | $Id: ChangeLog,v 1.3097 2003/11/15 01:13:16 dtucker Exp $ | 1428 | $Id: ChangeLog,v 1.3098 2003/11/17 10:09:50 djm Exp $ |
diff --git a/auth-chall.c b/auth-chall.c index 00d6e0ec5..dd55d6eb0 100644 --- a/auth-chall.c +++ b/auth-chall.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $"); | 26 | RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $"); |
27 | 27 | ||
28 | #include "auth.h" | 28 | #include "auth.h" |
29 | #include "log.h" | 29 | #include "log.h" |
@@ -67,36 +67,38 @@ get_challenge(Authctxt *authctxt) | |||
67 | int | 67 | int |
68 | verify_response(Authctxt *authctxt, const char *response) | 68 | verify_response(Authctxt *authctxt, const char *response) |
69 | { | 69 | { |
70 | char *resp[1]; | 70 | char *resp[1], *name, *info, **prompts; |
71 | int res; | 71 | u_int i, numprompts, *echo_on; |
72 | int authenticated = 0; | ||
72 | 73 | ||
73 | if (device == NULL) | 74 | if (device == NULL) |
74 | return 0; | 75 | return 0; |
75 | if (authctxt->kbdintctxt == NULL) | 76 | if (authctxt->kbdintctxt == NULL) |
76 | return 0; | 77 | return 0; |
77 | resp[0] = (char *)response; | 78 | resp[0] = (char *)response; |
78 | res = device->respond(authctxt->kbdintctxt, 1, resp); | 79 | switch (device->respond(authctxt->kbdintctxt, 1, resp)) { |
79 | if (res == 1) { | 80 | case 0: /* Success */ |
80 | /* postponed - send a null query just in case */ | 81 | authenticated = 1; |
81 | char *name, *info, **prompts; | 82 | break; |
82 | u_int i, numprompts, *echo_on; | 83 | case 1: /* Postponed - retry with empty query for PAM */ |
84 | if ((device->query(authctxt->kbdintctxt, &name, &info, | ||
85 | &numprompts, &prompts, &echo_on)) != 0) | ||
86 | break; | ||
87 | if (numprompts == 0 && | ||
88 | device->respond(authctxt->kbdintctxt, 0, resp) == 0) | ||
89 | authenticated = 1; | ||
83 | 90 | ||
84 | res = device->query(authctxt->kbdintctxt, &name, &info, | 91 | for (i = 0; i < numprompts; i++) |
85 | &numprompts, &prompts, &echo_on); | 92 | xfree(prompts[i]); |
86 | if (res == 0) { | 93 | xfree(prompts); |
87 | for (i = 0; i < numprompts; i++) | 94 | xfree(name); |
88 | xfree(prompts[i]); | 95 | xfree(echo_on); |
89 | xfree(prompts); | 96 | xfree(info); |
90 | xfree(name); | 97 | break; |
91 | xfree(echo_on); | ||
92 | xfree(info); | ||
93 | } | ||
94 | /* if we received more prompts, we're screwed */ | ||
95 | res = (res == 0 && numprompts == 0) ? 0 : -1; | ||
96 | } | 98 | } |
97 | device->free_ctx(authctxt->kbdintctxt); | 99 | device->free_ctx(authctxt->kbdintctxt); |
98 | authctxt->kbdintctxt = NULL; | 100 | authctxt->kbdintctxt = NULL; |
99 | return res ? 0 : 1; | 101 | return authenticated; |
100 | } | 102 | } |
101 | void | 103 | void |
102 | abandon_challenge_response(Authctxt *authctxt) | 104 | abandon_challenge_response(Authctxt *authctxt) |