author | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-12 18:29:00 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-12 18:29:00 +0000 |
commit | 7d199962015ad042208beb54cf4a8fb72053f468 (patch) | |
tree | 09c89d97fae22eb9fbbc40f97370031c53effb8d | |
parent | 520b55c8c410061c9a16417a6ec879967b1ea95a (diff) |
- markus@cvs.openbsd.org 2001/08/31 11:46:39
[sshconnect2.c]
disable kbd-interactive if we don't get
SSH2_MSG_USERAUTH_INFO_REQUEST messages
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sshconnect2.c | 14 |
2 files changed, 18 insertions, 2 deletions
@@ -73,6 +73,10 @@
 - markus@cvs.openbsd.org 2001/08/30 22:22:32
 [ssh-keyscan.c]
 do not pass pointers to longjmp; fix from wayne@blorf.net
+ - markus@cvs.openbsd.org 2001/08/31 11:46:39
+ [sshconnect2.c]
+ disable kbd-interactive if we don't get
+ SSH2_MSG_USERAUTH_INFO_REQUEST messages
 20010815
 - (bal) Fixed stray code in readconf.c that went in by mistake.
@@ -6396,4 +6400,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1506 2001/09/12 18:05:05 mouring Exp $
+$Id: ChangeLog,v 1.1507 2001/09/12 18:29:00 mouring Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index a86d0036..a7beb360 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.81 2001/07/23 09:06:28 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.82 2001/08/31 11:46:39 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -164,6 +164,8 @@ struct Authctxt {
 /* hostbased */
 Key **keys;
 int nkeys;
+ /* kbd-interactive */
+ int info_req_seen;
 };
 struct Authmethod {
 char *name; /* string to compare against server's list */
@@ -252,6 +254,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 options.preferred_authentications = authmethods_get();
 /* setup authentication context */
+ memset(&authctxt, 0, sizeof(authctxt));
 authctxt.agent = ssh_get_authentication_connection();
 authctxt.server_user = server_user;
 authctxt.local_user = local_user;
@@ -262,6 +265,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 authctxt.authlist = NULL;
 authctxt.keys = keys;
 authctxt.nkeys = nkeys;
+ authctxt.info_req_seen = 0;
 if (authctxt.method == NULL)
 fatal("ssh_userauth2: internal error: cannot send userauth none request");
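Review bot: The `authctxt.info_req_seen = 0;` added in the following hunk (`@@ -262,6 +265,7 @@`) is redundant once `memset(&authctxt, 0, sizeof(authctxt));` runs at the top of this setup block, as is the visible `authctxt.authlist = NULL;`. Zeroing the whole context first is the better of the two, because any field added to `struct Authctxt` later then starts in a known state instead of holding whatever was in memory (presumably stack, the declaration is outside the hunk) when authentication decisions read it. I would keep the memset, drop the explicit zero, and state the intent in a comment such as `/* zero everything so new Authctxt fields default to off */`. ssh_userauth2's body begins and continues outside both hunks.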
@@ -739,6 +743,12 @@ userauth_kbdint(Authctxt *authctxt)
 if (attempt++ >= options.number_of_password_prompts)
 return 0;
+ /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
+ if (attempt > 1 && !authctxt->info_req_seen) {
+ debug3("userauth_kbdint: disable: no info_req_seen");
+ dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
+ return 0;
+ }
 debug2("userauth_kbdint");
 packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -770,6 +780,8 @@ input_userauth_info_req(int type, int plen, void *ctxt)
 if (authctxt == NULL)
 fatal("input_userauth_info_req: no authentication context");
+ authctxt->info_req_seen = 1;
+
 name = packet_get_string(NULL);
 inst = packet_get_string(NULL);
 lang = packet_get_string(NULL);
 |
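Review bot: The new give-up path clears the handler with `dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);`, but the pre-existing `return 0;` just above it, taken when `attempt` reaches `options.number_of_password_prompts`, leaves whatever handler is installed in place. If the handler is registered further down in userauth_kbdint (outside the hunk, so this is inferred), the client would keep accepting server-driven prompts after it has stopped offering the method. Clearing it on both exits would make the two paths agree: `if (attempt++ >= options.number_of_password_prompts) { dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); return 0; }`. A short comment that `attempt > 1` lets the first request through unconditionally, since the flag can only be set by a reply to it, would also help the next reader.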
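Review bot: `authctxt->info_req_seen = 1;` is set before any field of the message is read, and nothing visible in this commit ever resets it, so a single INFO_REQUEST of any shape keeps kbd-interactive enabled for every later attempt. That is bounded by the `number_of_password_prompts` check in userauth_kbdint, so it is a documentation point rather than a defect, but the stickiness should be stated where the flag is set, e.g. `/* server speaks kbd-interactive; never cleared, userauth_kbdint() relies on this */`. input_userauth_info_req's body continues outside the hunk.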