summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--sshconnect2.c14
2 files changed, 18 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 40f69e84..8b9aa4dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -73,6 +73,10 @@
- markus@cvs.openbsd.org 2001/08/30 22:22:32
[ssh-keyscan.c]
do not pass pointers to longjmp; fix from wayne@blorf.net
+ - markus@cvs.openbsd.org 2001/08/31 11:46:39
+ [sshconnect2.c]
+ disable kbd-interactive if we don't get
+ SSH2_MSG_USERAUTH_INFO_REQUEST messages
20010815
- (bal) Fixed stray code in readconf.c that went in by mistake.
@@ -6396,4 +6400,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1506 2001/09/12 18:05:05 mouring Exp $
+$Id: ChangeLog,v 1.1507 2001/09/12 18:29:00 mouring Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index a86d0036..a7beb360 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.81 2001/07/23 09:06:28 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.82 2001/08/31 11:46:39 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -164,6 +164,8 @@ struct Authctxt {
/* hostbased */
Key **keys;
int nkeys;
+ /* kbd-interactive */
+ int info_req_seen;
};
struct Authmethod {
char *name; /* string to compare against server's list */
@@ -252,6 +254,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
options.preferred_authentications = authmethods_get();
/* setup authentication context */
+ memset(&authctxt, 0, sizeof(authctxt));
authctxt.agent = ssh_get_authentication_connection();
authctxt.server_user = server_user;
authctxt.local_user = local_user;
@@ -262,6 +265,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
authctxt.authlist = NULL;
authctxt.keys = keys;
authctxt.nkeys = nkeys;
+ authctxt.info_req_seen = 0;
if (authctxt.method == NULL)
fatal("ssh_userauth2: internal error: cannot send userauth none request");
@@ -739,6 +743,12 @@ userauth_kbdint(Authctxt *authctxt)
if (attempt++ >= options.number_of_password_prompts)
return 0;
+ /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
+ if (attempt > 1 && !authctxt->info_req_seen) {
+ debug3("userauth_kbdint: disable: no info_req_seen");
+ dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
+ return 0;
+ }
debug2("userauth_kbdint");
packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -770,6 +780,8 @@ input_userauth_info_req(int type, int plen, void *ctxt)
if (authctxt == NULL)
fatal("input_userauth_info_req: no authentication context");
+ authctxt->info_req_seen = 1;
+
name = packet_get_string(NULL);
inst = packet_get_string(NULL);
lang = packet_get_string(NULL);