From 15b05cfa17592da7470d7bd4b2de063188697471 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 3 Dec 2012 09:53:20 +1100 Subject: - djm@cvs.openbsd.org 2012/12/02 20:34:10 [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] [monitor.c monitor.h] Fixes logging of partial authentication when privsep is enabled Previously, we recorded "Failed xxx" since we reset authenticated before calling auth_log() in auth2.c. This adds an explcit "Partial" state. Add a "submethod" to auth_log() to report which submethod is used for keyboard-interactive. Fix multiple authentication when one of the methods is keyboard-interactive. ok markus@ --- auth2-chall.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'auth2-chall.c') diff --git a/auth2-chall.c b/auth2-chall.c index e6dbffe22..8fdb33498 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.34 2008/12/09 04:32:22 djm Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.35 2012/12/02 20:34:09 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -283,7 +283,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) KbdintAuthctxt *kbdintctxt; int authenticated = 0, res; u_int i, nresp; - char **response = NULL, *method; + char *devicename = NULL, **response = NULL; if (authctxt == NULL) fatal("input_userauth_info_response: no authctxt"); @@ -329,9 +329,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) /* Failure! */ break; } - - xasprintf(&method, "keyboard-interactive/%s", kbdintctxt->device->name); - + devicename = kbdintctxt->device->name; if (!authctxt->postponed) { if (authenticated) { auth2_challenge_stop(authctxt); @@ -341,8 +339,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) auth2_challenge_start(authctxt); } } - userauth_finish(authctxt, authenticated, method); - xfree(method); + userauth_finish(authctxt, authenticated, "keyboard-interactive", + devicename); } void -- cgit v1.2.3 From 55aca027ed24f8fdce43bd451ce96b89f979606c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 3 Dec 2012 11:25:30 +1100 Subject: - djm@cvs.openbsd.org 2012/12/03 00:14:06 [auth2-chall.c ssh-keygen.c] Fix compilation with -Wall -Werror (trivial type fixes) --- ChangeLog | 3 +++ auth2-chall.c | 5 +++-- ssh-keygen.c | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) (limited to 'auth2-chall.c') diff --git a/ChangeLog b/ChangeLog index 2e9c4e279..83b13d7d7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ - djm@cvs.openbsd.org 2012/12/02 20:47:48 [Makefile regress/forward-control.sh] regress for AllowTcpForwarding local/remote; ok markus@ + - djm@cvs.openbsd.org 2012/12/03 00:14:06 + [auth2-chall.c ssh-keygen.c] + Fix compilation with -Wall -Werror (trivial type fixes) 20121114 - (djm) OpenBSD CVS Sync diff --git a/auth2-chall.c b/auth2-chall.c index 8fdb33498..6505d4009 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.35 2012/12/02 20:34:09 djm Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.36 2012/12/03 00:14:06 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -283,7 +283,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) KbdintAuthctxt *kbdintctxt; int authenticated = 0, res; u_int i, nresp; - char *devicename = NULL, **response = NULL; + const char *devicename = NULL; + char **response = NULL; if (authctxt == NULL) fatal("input_userauth_info_response: no authctxt"); diff --git a/ssh-keygen.c b/ssh-keygen.c index 2d8af679c..1bbe0b0a8 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.219 2012/11/14 02:32:15 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.220 2012/12/03 00:14:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -104,7 +104,7 @@ char *identity_comment = NULL; char *ca_key_path = NULL; /* Certificate serial number */ -long long cert_serial = 0; +unsigned long long cert_serial = 0; /* Key type when certifying */ u_int cert_key_type = SSH2_CERT_TYPE_USER; -- cgit v1.2.3