From 4f9f42a9bb6a6aa8f6100d873dc6344f2f9994de Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sat, 10 May 2003 19:28:02 +1000
Subject:  - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge
 with    proper challenge-response module

---
 auth-chall.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'auth-chall.c')

diff --git a/auth-chall.c b/auth-chall.c
index 45e0c345..6b7c8bd1 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -76,7 +76,33 @@ verify_response(Authctxt *authctxt, const char *response)
 		return 0;
 	resp[0] = (char *)response;
 	res = device->respond(authctxt->kbdintctxt, 1, resp);
+	if (res == 1) {
+		/* postponed - send a null query just in case */
+		char *name, *info, **prompts;
+		u_int i, numprompts, *echo_on;
+
+		res = device->query(authctxt->kbdintctxt, &name, &info,
+		    &numprompts, &prompts, &echo_on);
+		if (res == 0) {
+			for (i = 0; i < numprompts; i++)
+				xfree(prompts[i]);
+			xfree(prompts);
+			xfree(name);
+			xfree(echo_on);
+			xfree(info);
+		}
+		/* if we received more prompts, we're screwed */
+		res = (numprompts != 0);
+	}
 	device->free_ctx(authctxt->kbdintctxt);
 	authctxt->kbdintctxt = NULL;
 	return res ? 0 : 1;
 }
+void
+abandon_challenge_response(Authctxt *authctxt)
+{
+	if (authctxt->kbdintctxt != NULL) {
+		device->free_ctx(authctxt->kbdintctxt);
+		authctxt->kbdintctxt = NULL;
+	}
+}
-- 
cgit v1.2.3