summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2007-03-01 21:31:28 +1100
committerDarren Tucker <dtucker@zip.com.au>2007-03-01 21:31:28 +1100
commit1d75f22c5d99ce1a4c7a87c7ae042a33fbeefefb (patch)
treec2ba2b55799904f6954f858b0838d069677bf5af
parentcf0d2db2fa94c9e496c3fdd6bdf85e12d021cd50 (diff)
- dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c] Remove ChallengeResponseAuthentication support inside a Match block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation.
-rw-r--r--ChangeLog11
-rw-r--r--auth2.c6
-rw-r--r--servconf.c9
-rw-r--r--sshd_config.55
4 files changed, 19 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 79658c52..feee3ff9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+20070301
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
+ [auth2.c sshd_config.5 servconf.c]
+ Remove ChallengeResponseAuthentication support inside a Match
+ block as its interaction with KbdInteractive makes it difficult to
+ support. Also, relocate the CR/kbdint option special-case code into
+ servconf. "please commit" djm@, ok markus@ for the relocation.
+
20070228
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2007/02/28 00:55:30
@@ -2773,4 +2782,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4624 2007/02/28 10:19:58 dtucker Exp $
+$Id: ChangeLog,v 1.4625 2007/03/01 10:31:28 dtucker Exp $
diff --git a/auth2.c b/auth2.c
index 2d880b57..b1a4e363 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -96,10 +96,6 @@ int user_key_allowed(struct passwd *, Key *);
void
do_authentication2(Authctxt *authctxt)
{
- /* challenge-response is implemented via keyboard interactive */
- if (options.challenge_response_authentication)
- options.kbd_interactive_authentication = 1;
-
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
diff --git a/servconf.c b/servconf.c
index c6a8043d..1e3c213a 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.169 2007/02/22 12:58:40 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -357,7 +357,7 @@ static struct {
#endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
- { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_ALL },
+ { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
@@ -1350,7 +1350,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(kerberos_authentication);
M_CP_INTOPT(hostbased_authentication);
M_CP_INTOPT(kbd_interactive_authentication);
- M_CP_INTOPT(challenge_response_authentication);
M_CP_INTOPT(allow_tcp_forwarding);
M_CP_INTOPT(gateway_ports);
@@ -1388,4 +1387,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options",
filename, bad_options);
+
+ /* challenge-response is implemented via keyboard interactive */
+ if (options->challenge_response_authentication == 1)
+ options->kbd_interactive_authentication = 1;
}
diff --git a/sshd_config.5 b/sshd_config.5
index 54231d56..bcd0435e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.72 2007/02/19 10:45:58 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.73 2007/03/01 10:28:02 dtucker Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@@ -513,12 +513,11 @@ keyword.
Available keywords are
.Cm AllowTcpForwarding ,
.Cm Banner ,
-.Cm ChallengeResponseAuthentication ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSApiAuthentication ,
.Cm KerberosAuthentication ,
-.Cm KeyboardInteractiveAuthentication ,
+.Cm KbdInteractiveAuthentication ,
.Cm PasswordAuthentication ,
.Cm PermitOpen ,
.Cm RhostsRSAAuthentication ,