diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2007-03-01 21:31:28 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2007-03-01 21:31:28 +1100 |
| commit | 1d75f22c5d99ce1a4c7a87c7ae042a33fbeefefb (patch) | |
| tree | c2ba2b55799904f6954f858b0838d069677bf5af | |
| parent | cf0d2db2fa94c9e496c3fdd6bdf85e12d021cd50 (diff) | |
- dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c]
Remove ChallengeResponseAuthentication support inside a Match
block as its interaction with KbdInteractive makes it difficult to
support. Also, relocate the CR/kbdint option special-case code into
servconf. "please commit" djm@, ok markus@ for the relocation.
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | auth2.c | 6 | ||||
| -rw-r--r-- | servconf.c | 9 | ||||
| -rw-r--r-- | sshd_config.5 | 5 |
4 files changed, 19 insertions, 12 deletions
@@ -1,3 +1,12 @@ +20070301 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 + [auth2.c sshd_config.5 servconf.c] + Remove ChallengeResponseAuthentication support inside a Match + block as its interaction with KbdInteractive makes it difficult to + support. Also, relocate the CR/kbdint option special-case code into + servconf. "please commit" djm@, ok markus@ for the relocation. + 20070228 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 @@ -2773,4 +2782,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4624 2007/02/28 10:19:58 dtucker Exp $ +$Id: ChangeLog,v 1.4625 2007/03/01 10:31:28 dtucker Exp $ @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -96,10 +96,6 @@ int user_key_allowed(struct passwd *, Key *); void do_authentication2(Authctxt *authctxt) { - /* challenge-response is implemented via keyboard interactive */ - if (options.challenge_response_authentication) - options.kbd_interactive_authentication = 1; - dispatch_init(&dispatch_protocol_error); dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.169 2007/02/22 12:58:40 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -357,7 +357,7 @@ static struct { #endif { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, - { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_ALL }, + { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ { "checkmail", sDeprecated, SSHCFG_GLOBAL }, { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, @@ -1350,7 +1350,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(kerberos_authentication); M_CP_INTOPT(hostbased_authentication); M_CP_INTOPT(kbd_interactive_authentication); - M_CP_INTOPT(challenge_response_authentication); M_CP_INTOPT(allow_tcp_forwarding); M_CP_INTOPT(gateway_ports); @@ -1388,4 +1387,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, if (bad_options > 0) fatal("%s: terminating, %d bad configuration options", filename, bad_options); + + /* challenge-response is implemented via keyboard interactive */ + if (options->challenge_response_authentication == 1) + options->kbd_interactive_authentication = 1; } diff --git a/sshd_config.5 b/sshd_config.5 index 54231d56..bcd0435e 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.72 2007/02/19 10:45:58 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.73 2007/03/01 10:28:02 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -513,12 +513,11 @@ keyword. Available keywords are .Cm AllowTcpForwarding , .Cm Banner , -.Cm ChallengeResponseAuthentication , .Cm ForceCommand , .Cm GatewayPorts , .Cm GSSApiAuthentication , .Cm KerberosAuthentication , -.Cm KeyboardInteractiveAuthentication , +.Cm KbdInteractiveAuthentication , .Cm PasswordAuthentication , .Cm PermitOpen , .Cm RhostsRSAAuthentication , |