diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth.h | 3 | ||||
| -rw-r--r-- | auth2-chall.c | 35 | ||||
| -rw-r--r-- | auth2.c | 10 |
4 files changed, 28 insertions, 26 deletions
| @@ -8,6 +8,10 @@ | |||
| 8 | [channels.c pathnames.h] | 8 | [channels.c pathnames.h] |
| 9 | use only one path to X11 UNIX domain socket vs. an array of paths | 9 | use only one path to X11 UNIX domain socket vs. an array of paths |
| 10 | to try. report from djast@cs.toronto.edu. ok markus@ | 10 | to try. report from djast@cs.toronto.edu. ok markus@ |
| 11 | - markus@cvs.openbsd.org 2001/12/09 18:45:56 | ||
| 12 | [auth2.c auth2-chall.c auth.h] | ||
| 13 | add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions, | ||
| 14 | fixes memleak. | ||
| 11 | 15 | ||
| 12 | 20011219 | 16 | 20011219 |
| 13 | - (stevesk) OpenBSD CVS sync X11 localhost display | 17 | - (stevesk) OpenBSD CVS sync X11 localhost display |
| @@ -7036,4 +7040,4 @@ | |||
| 7036 | - Wrote replacements for strlcpy and mkdtemp | 7040 | - Wrote replacements for strlcpy and mkdtemp |
| 7037 | - Released 1.0pre1 | 7041 | - Released 1.0pre1 |
| 7038 | 7042 | ||
| 7039 | $Id: ChangeLog,v 1.1694 2001/12/21 01:39:51 djm Exp $ | 7043 | $Id: ChangeLog,v 1.1695 2001/12/21 01:42:34 djm Exp $ |
| @@ -21,7 +21,7 @@ | |||
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | * | 23 | * |
| 24 | * $OpenBSD: auth.h,v 1.22 2001/06/26 17:27:22 markus Exp $ | 24 | * $OpenBSD: auth.h,v 1.23 2001/12/09 18:45:56 markus Exp $ |
| 25 | */ | 25 | */ |
| 26 | #ifndef AUTH_H | 26 | #ifndef AUTH_H |
| 27 | #define AUTH_H | 27 | #define AUTH_H |
| @@ -130,6 +130,7 @@ void userauth_finish(Authctxt *, int, char *); | |||
| 130 | int auth_root_allowed(char *); | 130 | int auth_root_allowed(char *); |
| 131 | 131 | ||
| 132 | int auth2_challenge(Authctxt *, char *); | 132 | int auth2_challenge(Authctxt *, char *); |
| 133 | void auth2_challenge_stop(Authctxt *); | ||
| 133 | 134 | ||
| 134 | int allowed_user(struct passwd *); | 135 | int allowed_user(struct passwd *); |
| 135 | 136 | ||
diff --git a/auth2-chall.c b/auth2-chall.c index 5e6a691f8..4b97e47bd 100644 --- a/auth2-chall.c +++ b/auth2-chall.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 24 | */ | 24 | */ |
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth2-chall.c,v 1.8 2001/09/27 15:31:17 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2-chall.c,v 1.9 2001/12/09 18:45:56 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include "ssh2.h" | 28 | #include "ssh2.h" |
| 29 | #include "auth.h" | 29 | #include "auth.h" |
| @@ -156,6 +156,18 @@ auth2_challenge(Authctxt *authctxt, char *devs) | |||
| 156 | return auth2_challenge_start(authctxt); | 156 | return auth2_challenge_start(authctxt); |
| 157 | } | 157 | } |
| 158 | 158 | ||
| 159 | /* unregister kbd-int callbacks and context */ | ||
| 160 | void | ||
| 161 | auth2_challenge_stop(Authctxt *authctxt) | ||
| 162 | { | ||
| 163 | /* unregister callback */ | ||
| 164 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); | ||
| 165 | if (authctxt->kbdintctxt != NULL) { | ||
| 166 | kbdint_free(authctxt->kbdintctxt); | ||
| 167 | authctxt->kbdintctxt = NULL; | ||
| 168 | } | ||
| 169 | } | ||
| 170 | |||
| 159 | /* side effect: sets authctxt->postponed if a reply was sent*/ | 171 | /* side effect: sets authctxt->postponed if a reply was sent*/ |
| 160 | static int | 172 | static int |
| 161 | auth2_challenge_start(Authctxt *authctxt) | 173 | auth2_challenge_start(Authctxt *authctxt) |
| @@ -166,21 +178,18 @@ auth2_challenge_start(Authctxt *authctxt) | |||
| 166 | kbdintctxt->devices ? kbdintctxt->devices : "<empty>"); | 178 | kbdintctxt->devices ? kbdintctxt->devices : "<empty>"); |
| 167 | 179 | ||
| 168 | if (kbdint_next_device(kbdintctxt) == 0) { | 180 | if (kbdint_next_device(kbdintctxt) == 0) { |
| 169 | kbdint_free(kbdintctxt); | 181 | auth2_challenge_stop(authctxt); |
| 170 | authctxt->kbdintctxt = NULL; | ||
| 171 | return 0; | 182 | return 0; |
| 172 | } | 183 | } |
| 173 | debug("auth2_challenge_start: trying authentication method '%s'", | 184 | debug("auth2_challenge_start: trying authentication method '%s'", |
| 174 | kbdintctxt->device->name); | 185 | kbdintctxt->device->name); |
| 175 | 186 | ||
| 176 | if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) { | 187 | if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) { |
| 177 | kbdint_free(kbdintctxt); | 188 | auth2_challenge_stop(authctxt); |
| 178 | authctxt->kbdintctxt = NULL; | ||
| 179 | return 0; | 189 | return 0; |
| 180 | } | 190 | } |
| 181 | if (send_userauth_info_request(authctxt) == 0) { | 191 | if (send_userauth_info_request(authctxt) == 0) { |
| 182 | kbdint_free(kbdintctxt); | 192 | auth2_challenge_stop(authctxt); |
| 183 | authctxt->kbdintctxt = NULL; | ||
| 184 | return 0; | 193 | return 0; |
| 185 | } | 194 | } |
| 186 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, | 195 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, |
| @@ -271,10 +280,8 @@ input_userauth_info_response(int type, int plen, void *ctxt) | |||
| 271 | break; | 280 | break; |
| 272 | case 1: | 281 | case 1: |
| 273 | /* Authentication needs further interaction */ | 282 | /* Authentication needs further interaction */ |
| 274 | authctxt->postponed = 1; | 283 | if (send_userauth_info_request(authctxt) == 1) |
| 275 | if (send_userauth_info_request(authctxt) == 0) { | 284 | authctxt->postponed = 1; |
| 276 | authctxt->postponed = 0; | ||
| 277 | } | ||
| 278 | break; | 285 | break; |
| 279 | default: | 286 | default: |
| 280 | /* Failure! */ | 287 | /* Failure! */ |
| @@ -290,12 +297,8 @@ input_userauth_info_response(int type, int plen, void *ctxt) | |||
| 290 | strlcat(method, kbdintctxt->device->name, len); | 297 | strlcat(method, kbdintctxt->device->name, len); |
| 291 | 298 | ||
| 292 | if (!authctxt->postponed) { | 299 | if (!authctxt->postponed) { |
| 293 | /* unregister callback */ | ||
| 294 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); | ||
| 295 | |||
| 296 | if (authenticated) { | 300 | if (authenticated) { |
| 297 | kbdint_free(kbdintctxt); | 301 | auth2_challenge_stop(authctxt); |
| 298 | authctxt->kbdintctxt = NULL; | ||
| 299 | } else { | 302 | } else { |
| 300 | /* start next device */ | 303 | /* start next device */ |
| 301 | /* may set authctxt->postponed */ | 304 | /* may set authctxt->postponed */ |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth2.c,v 1.74 2001/12/05 03:56:39 itojun Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.75 2001/12/09 18:45:56 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
| 29 | 29 | ||
| @@ -220,14 +220,8 @@ input_userauth_request(int type, int plen, void *ctxt) | |||
| 220 | authctxt->user, authctxt->service, user, service); | 220 | authctxt->user, authctxt->service, user, service); |
| 221 | } | 221 | } |
| 222 | /* reset state */ | 222 | /* reset state */ |
| 223 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error); | 223 | auth2_challenge_stop(authctxt); |
| 224 | authctxt->postponed = 0; | 224 | authctxt->postponed = 0; |
| 225 | #ifdef BSD_AUTH | ||
| 226 | if (authctxt->as) { | ||
| 227 | auth_close(authctxt->as); | ||
| 228 | authctxt->as = NULL; | ||
| 229 | } | ||
| 230 | #endif | ||
| 231 | 225 | ||
| 232 | /* try to authenticate user */ | 226 | /* try to authenticate user */ |
| 233 | m = authmethod_lookup(method); | 227 | m = authmethod_lookup(method); |