-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | auth1.c | 6 | ||||
-rw-r--r-- | auth2.c | 9 | ||||
-rw-r--r-- | readconf.c | 27 | ||||
-rw-r--r-- | readconf.h | 5 | ||||
-rw-r--r-- | servconf.c | 17 | ||||
-rw-r--r-- | servconf.h | 5 | ||||
-rw-r--r-- | sshconnect1.c | 18 | ||||
-rw-r--r-- | sshconnect2.c | 5 | ||||
-rw-r--r-- | sshd.c | 4 |
10 files changed, 57 insertions, 44 deletions
@@ -15,6 +15,11 @@ | |||
15 | - stevesk@cvs.openbsd.org 2001/01/22 17:22:28 | 15 | - stevesk@cvs.openbsd.org 2001/01/22 17:22:28 |
16 | [sshconnect2.c sshd.c] | 16 | [sshconnect2.c sshd.c] |
17 | fix memory leaks in SSH2 key exchange; ok markus@ | 17 | fix memory leaks in SSH2 key exchange; ok markus@ |
18 | - markus@cvs.openbsd.org 2001/01/22 23:06:39 | ||
19 | [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h | ||
20 | sshconnect1.c sshconnect2.c sshd.c] | ||
21 | rename skey -> challenge response. | ||
22 | auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled. | ||
18 | 23 | ||
19 | 24 | ||
20 | 20010122 | 25 | 20010122 |
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.14 2001/01/22 23:06:39 markus Exp $"); |
14 | 14 | ||
15 | #ifdef HAVE_OSF_SIA | 15 | #ifdef HAVE_OSF_SIA |
16 | # include <sia.h> | 16 | # include <sia.h> |
@@ -281,7 +281,7 @@ do_authloop(Authctxt *authctxt) | |||
281 | 281 | ||
282 | case SSH_CMSG_AUTH_TIS: | 282 | case SSH_CMSG_AUTH_TIS: |
283 | debug("rcvd SSH_CMSG_AUTH_TIS"); | 283 | debug("rcvd SSH_CMSG_AUTH_TIS"); |
284 | if (options.skey_authentication == 1) { | 284 | if (options.challenge_reponse_authentication == 1) { |
285 | char *challenge = get_challenge(authctxt, authctxt->style); | 285 | char *challenge = get_challenge(authctxt, authctxt->style); |
286 | if (challenge != NULL) { | 286 | if (challenge != NULL) { |
287 | debug("sending challenge '%s'", challenge); | 287 | debug("sending challenge '%s'", challenge); |
@@ -296,7 +296,7 @@ do_authloop(Authctxt *authctxt) | |||
296 | 296 | ||
297 | case SSH_CMSG_AUTH_TIS_RESPONSE: | 297 | case SSH_CMSG_AUTH_TIS_RESPONSE: |
298 | debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); | 298 | debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); |
299 | if (options.skey_authentication == 1) { | 299 | if (options.challenge_reponse_authentication == 1) { |
300 | char *response = packet_get_string(&dlen); | 300 | char *response = packet_get_string(&dlen); |
301 | debug("got response '%s'", response); | 301 | debug("got response '%s'", response); |
302 | packet_integrity_check(plen, 4 + dlen, type); | 302 | packet_integrity_check(plen, 4 + dlen, type); |
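Review bot: In the SSH_CMSG_AUTH_TIS_RESPONSE case, `debug("got response '%s'", response);` writes the client's answer to the challenge into the debug log, and it does so before `packet_integrity_check` has validated the packet length. Depending on the challenge-response backend that answer may be a reusable secret, so I would log only that a response arrived, e.g. `debug("rcvd challenge response");`. The same applies, to a lesser degree, to `debug("sending challenge '%s'", challenge);` in the SSH_CMSG_AUTH_TIS case. Both cases of do_authloop continue outside the hunks shown.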
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2.c,v 1.33 2001/01/22 08:32:53 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.34 2001/01/22 23:06:39 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_OSF_SIA | 28 | #ifdef HAVE_OSF_SIA |
29 | # include <sia.h> | 29 | # include <sia.h> |
@@ -123,6 +123,10 @@ do_authentication2() | |||
123 | 123 | ||
124 | x_authctxt = authctxt; /*XXX*/ | 124 | x_authctxt = authctxt; /*XXX*/ |
125 | 125 | ||
126 | /* challenge-reponse is implemented via keyboard interactive */ | ||
127 | if (options.challenge_reponse_authentication) | ||
128 | options.kbd_interactive_authentication = 1; | ||
129 | |||
126 | #ifdef AFS | 130 | #ifdef AFS |
127 | /* If machine has AFS, set process authentication group. */ | 131 | /* If machine has AFS, set process authentication group. */ |
128 | if (k_hasafs()) { | 132 | if (k_hasafs()) { |
@@ -401,7 +405,8 @@ userauth_kbdint(Authctxt *authctxt) | |||
401 | 405 | ||
402 | debug("keyboard-interactive language %s devs %s", lang, devs); | 406 | debug("keyboard-interactive language %s devs %s", lang, devs); |
403 | 407 | ||
404 | authenticated = auth2_challenge(authctxt, devs); | 408 | if (options.challenge_reponse_authentication) |
409 | authenticated = auth2_challenge(authctxt, devs); | ||
405 | 410 | ||
406 | #ifdef USE_PAM | 411 | #ifdef USE_PAM |
407 | if (authenticated == 0) | 412 | if (authenticated == 0) |
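Review bot: The new block in do_authentication2, `if (options.challenge_reponse_authentication) options.kbd_interactive_authentication = 1;`, overwrites whatever the administrator configured, and servconf.c in this same commit defaults challenge_reponse_authentication to 1, so an explicit `KbdInteractiveAuthentication no` on the server no longer turns the method off unless challenge-response is disabled as well. ssh_userauth2 in sshconnect2.c applies the same override on the client. If the coupling is intended, the comment should say so, e.g. `/* challenge-response is implemented via keyboard-interactive; this overrides KbdInteractiveAuthentication no */`, and the keyword documentation should match. In userauth_kbdint the call to auth2_challenge is now conditional, so `authenticated` must already be 0 on entry for the USE_PAM check that follows; its initialisation is outside the hunk and should be confirmed.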
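diff --git a/readconf.c b/readconf.c
index a10aaff1c..5c091c60c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.58 2001/01/21 19:05:53 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.59 2001/01/22 23:06:39 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -93,7 +93,7 @@ typedef enum {
 oBadOption,
 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
 oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
-oSkeyAuthentication, oXAuthLocation,
+oChallengeResponseAuthentication, oXAuthLocation,
 #ifdef KRB4
 oKerberosAuthentication,
 #endif /* KRB4 */
@@ -104,7 +104,7 @@ typedef enum {
 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
-oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication,
+oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol,
 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias
@@ -127,8 +127,10 @@ static struct {
 { "kbdinteractivedevices", oKbdInteractiveDevices },
 { "rsaauthentication", oRSAAuthentication },
 { "pubkeyauthentication", oPubkeyAuthentication },
 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
-{ "skeyauthentication", oSkeyAuthentication },
+{ "challengeresponseauthentication", oChallengeResponseAuthentication },
+{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
+{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
 #ifdef KRB4
 { "kerberosauthentication", oKerberosAuthentication },
 #endif /* KRB4 */
@@ -165,7 +167,6 @@ static struct {
 { "compressionlevel", oCompressionLevel },
 { "keepalive", oKeepAlives },
 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
-{ "tisauthentication", oTISAuthentication },
 { "loglevel", oLogLevel },
 { NULL, 0 }
 };
@@ -318,10 +319,8 @@ parse_flag:
 intptr = &options->rhosts_rsa_authentication;
 goto parse_flag;
 
-case oTISAuthentication:
-/* fallthrough, there is no difference on the client side */
-case oSkeyAuthentication:
-intptr = &options->skey_authentication;
+case oChallengeResponseAuthentication:
+intptr = &options->challenge_reponse_authentication;
 goto parse_flag;
 
 #ifdef KRB4
@@ -669,7 +668,7 @@ initialize_options(Options * options)
 options->rhosts_authentication = -1;
 options->rsa_authentication = -1;
 options->pubkey_authentication = -1;
-options->skey_authentication = -1;
+options->challenge_reponse_authentication = -1;
 #ifdef KRB4
 options->kerberos_authentication = -1;
 #endif
@@ -736,8 +735,8 @@ fill_default_options(Options * options)
 options->rsa_authentication = 1;
 if (options->pubkey_authentication == -1)
 options->pubkey_authentication = 1;
-if (options->skey_authentication == -1)
-options->skey_authentication = 0;
+if (options->challenge_reponse_authentication == -1)
+options->challenge_reponse_authentication = 0;
 #ifdef KRB4
 if (options->kerberos_authentication == -1)
 options->kerberos_authentication = 1;
@@ -751,7 +750,7 @@ fill_default_options(Options * options)
 if (options->password_authentication == -1)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
-options->kbd_interactive_authentication = 0;
+options->kbd_interactive_authentication = 1;
 if (options->rhosts_rsa_authentication == -1)
 options->rhosts_rsa_authentication = 1;
 if (options->fallback_to_rsh == -1)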
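Review bot: In fill_default_options the client default for `kbd_interactive_authentication` changes from 0 to 1, which the ChangeLog entry does not mention; it only describes enabling keyboard-interactive when challenge-response is on. With this default the ssh2 client presumably offers keyboard-interactive even though `challenge_reponse_authentication` still defaults to 0 here, while the server default in servconf.c stays 0. If the change is deliberate, a comment at the default would help, for example `/* on by default: the ssh2 client always offers keyboard-interactive */`; otherwise leave the default at 0 and rely on the coupling added in ssh_userauth2. fill_default_options continues outside the hunk.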
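diff --git a/readconf.h b/readconf.h
index 08ff70839..241b7165c 100644
--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
 
-/* RCSID("$OpenBSD: readconf.h,v 1.24 2000/12/27 12:30:20 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.25 2001/01/22 23:06:39 markus Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -36,7 +36,8 @@ typedef struct {
 * authentication. */
 int rsa_authentication; /* Try RSA authentication. */
 int pubkey_authentication; /* Try ssh2 pubkey authentication. */
-int skey_authentication; /* Try S/Key or TIS authentication. */
+int challenge_reponse_authentication;
+/* Try S/Key or TIS, authentication. */
 #ifdef KRB4
 int kerberos_authentication; /* Try Kerberos
 * authentication. */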
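Review bot: The new field is spelt `challenge_reponse_authentication` ("reponse" for "response"), and the same spelling is carried into servconf.h, into `try_challenge_reponse_authentication()` and the debug string `"Doing challenge reponse authentication."` in sshconnect1.c, and into every user in auth1.c, auth2.c, sshconnect2.c and sshd.c. Since this commit is the rename, it is the cheapest moment to use `challenge_response_authentication` throughout. The moved comment also gained a stray comma; `/* Try S/Key or TIS authentication. */` reads correctly. The struct continues outside the hunk.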
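diff --git a/servconf.c b/servconf.c
index 7dfd040c8..2738c62e9 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.62 2001/01/21 19:05:55 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.63 2001/01/22 23:06:39 markus Exp $");
 
 #ifdef KRB4
 #include <krb.h>
@@ -77,7 +77,7 @@ initialize_server_options(ServerOptions *options)
 #endif
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
-options->skey_authentication = -1;
+options->challenge_reponse_authentication = -1;
 options->permit_empty_passwd = -1;
 options->use_login = -1;
 options->allow_tcp_forwarding = -1;
@@ -171,8 +171,8 @@ fill_default_server_options(ServerOptions *options)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
 options->kbd_interactive_authentication = 0;
-if (options->skey_authentication == -1)
-options->skey_authentication = 1;
+if (options->challenge_reponse_authentication == -1)
+options->challenge_reponse_authentication = 1;
 if (options->permit_empty_passwd == -1)
 options->permit_empty_passwd = 0;
 if (options->use_login == -1)
@@ -201,7 +201,7 @@ typedef enum {
 #ifdef AFS
 sKerberosTgtPassing, sAFSTokenPassing,
 #endif
-sSkeyAuthentication,
+sChallengeResponseAuthentication,
 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
@@ -243,7 +243,8 @@ static struct {
 #endif
 { "passwordauthentication", sPasswordAuthentication },
 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
-{ "skeyauthentication", sSkeyAuthentication },
+{ "challengeresponseauthentication", sChallengeResponseAuthentication },
+{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
 { "checkmail", sCheckMail },
 { "listenaddress", sListenAddress },
 { "printmotd", sPrintMotd },
@@ -537,8 +538,8 @@ parse_flag:
 intptr = &options->check_mail;
 goto parse_flag;
 
-case sSkeyAuthentication:
-intptr = &options->skey_authentication;
+case sChallengeResponseAuthentication:
+intptr = &options->challenge_reponse_authentication;
 goto parse_flag;
 
 case sPrintMotd: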
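diff --git a/servconf.h b/servconf.h
index ea0694905..e31636701 100644
--- a/servconf.h
+++ b/servconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
 
-/* RCSID("$OpenBSD: servconf.h,v 1.34 2001/01/19 12:45:27 markus Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.35 2001/01/22 23:06:40 markus Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -80,8 +80,7 @@ typedef struct {
 int password_authentication; /* If true, permit password
 * authentication. */
 int kbd_interactive_authentication; /* If true, permit */
-int skey_authentication; /* If true, permit s/key
-* authentication. */
+int challenge_reponse_authentication;
 int permit_empty_passwd; /* If false, do not permit empty
 * passwords. */
 int use_login; /* If true, login(1) is used */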
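Review bot: `int challenge_reponse_authentication;` drops the comment the old `skey_authentication` field carried, so the server-side flag that gates the TIS messages in auth1.c and the auth2_challenge call in auth2.c is now undocumented. I would restore a comment that names the new scope, for example `/* If true, permit challenge-response (S/Key, TIS) authentication. */`. It would also be worth noting there that enabling it switches on keyboard-interactive for ssh2, since do_authentication2 now does that. The struct continues outside the hunk.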
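diff --git a/sshconnect1.c b/sshconnect1.c
index 2c097256a..5a5a22227 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.19 2001/01/22 08:15:00 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.20 2001/01/22 23:06:40 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -613,7 +613,7 @@ send_afs_tokens(void)
 * Note that the client code is not tied to s/key or TIS.
 */
 int
-try_skey_authentication()
+try_challenge_reponse_authentication()
 {
 int type, i;
 int payload_len;
@@ -621,7 +621,7 @@ try_skey_authentication()
 char prompt[1024];
 char *challenge, *response;
 
-debug("Doing skey authentication.");
+debug("Doing challenge reponse authentication.");
 
 for (i = 0; i < options.number_of_password_prompts; i++) {
 /* request a challenge */
@@ -633,10 +633,10 @@ try_skey_authentication()
 if (type != SSH_SMSG_FAILURE &&
 type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
 packet_disconnect("Protocol error: got %d in response "
-"to skey-auth", type);
+"to SSH_CMSG_AUTH_TIS", type);
 }
 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
-debug("No challenge for skey authentication.");
+debug("No challenge.");
 return 0;
 }
 challenge = packet_get_string(&clen);
@@ -665,7 +665,7 @@ try_skey_authentication()
 return 1;
 if (type != SSH_SMSG_FAILURE)
 packet_disconnect("Protocol error: got %d in response "
-"to skey-auth-reponse", type);
+"to SSH_CMSG_AUTH_TIS_RESPONSE", type);
 }
 /* failure */
 return 0;
@@ -1018,10 +1018,10 @@ ssh_userauth(
 try_rsa_authentication(options.identity_files[i]))
 return;
 }
-/* Try skey authentication if the server supports it. */
+/* Try challenge response authentication if the server supports it. */
 if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
-options.skey_authentication && !options.batch_mode) {
-if (try_skey_authentication())
+options.challenge_reponse_authentication && !options.batch_mode) {
+if (try_challenge_reponse_authentication())
 return;
 }
 /* Try password authentication if the server supports it. */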
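diff --git a/sshconnect2.c b/sshconnect2.c
index 1b4422876..1d911b9bb 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.38 2001/01/22 17:22:28 stevesk Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.39 2001/01/22 23:06:40 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -513,6 +513,9 @@ ssh_userauth2(const char *server_user, char *host)
 int type;
 int plen;
 
+if (options.challenge_reponse_authentication)
+options.kbd_interactive_authentication = 1;
+
 debug("send SSH2_MSG_SERVICE_REQUEST");
 packet_start(SSH2_MSG_SERVICE_REQUEST);
 packet_put_cstring("ssh-userauth");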
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: sshd.c,v 1.156 2001/01/22 17:22:28 stevesk Exp $"); | 43 | RCSID("$OpenBSD: sshd.c,v 1.157 2001/01/22 23:06:40 markus Exp $"); |
44 | 44 | ||
45 | #include <openssl/dh.h> | 45 | #include <openssl/dh.h> |
46 | #include <openssl/bn.h> | 46 | #include <openssl/bn.h> |
@@ -1254,7 +1254,7 @@ do_ssh1_kex(void) | |||
1254 | if (options.afs_token_passing) | 1254 | if (options.afs_token_passing) |
1255 | auth_mask |= 1 << SSH_PASS_AFS_TOKEN; | 1255 | auth_mask |= 1 << SSH_PASS_AFS_TOKEN; |
1256 | #endif | 1256 | #endif |
1257 | if (options.skey_authentication == 1) | 1257 | if (options.challenge_reponse_authentication == 1) |
1258 | auth_mask |= 1 << SSH_AUTH_TIS; | 1258 | auth_mask |= 1 << SSH_AUTH_TIS; |
1259 | if (options.password_authentication) | 1259 | if (options.password_authentication) |
1260 | auth_mask |= 1 << SSH_AUTH_PASSWORD; | 1260 | auth_mask |= 1 << SSH_AUTH_PASSWORD; |