summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--sshconnect1.c56
2 files changed, 35 insertions, 26 deletions
diff --git a/ChangeLog b/ChangeLog
index ef9dd84b..8ba1a9e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@
- (bal) Applied patch to include ssh-keyscan into Redhat's package, and
patch to install ssh-keyscan manpage. Patch by Pekka Savola
<pekka@netcore.fi>
+ - (bal) OpenbSD CVS update
+ - markus@cvs.openbsd.org 2000/12/10 17:01:53
+ [sshconnect1.c]
+ always request new challenge for skey/tis-auth, fixes interop with
+ other implementations; report from roth@feep.net
20001210
- (bal) OpenBSD CVS updates
diff --git a/sshconnect1.c b/sshconnect1.c
index 70932971..f95c031d 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.11 2000/11/25 16:42:53 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.12 2000/12/10 17:01:53 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -604,37 +604,41 @@ try_skey_authentication()
int type, i;
int payload_len;
unsigned int clen;
+ char prompt[1024];
char *challenge, *response;
debug("Doing skey authentication.");
- /* request a challenge */
- packet_start(SSH_CMSG_AUTH_TIS);
- packet_send();
- packet_write_wait();
-
- type = packet_read(&payload_len);
- if (type != SSH_SMSG_FAILURE &&
- type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
- packet_disconnect("Protocol error: got %d in response "
- "to skey-auth", type);
- }
- if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
- debug("No challenge for skey authentication.");
- return 0;
- }
- challenge = packet_get_string(&clen);
- packet_integrity_check(payload_len, (4 + clen), type);
- if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! "
- "Reponse will be transmitted in clear text.");
- fprintf(stderr, "%s\n", challenge);
- xfree(challenge);
- fflush(stderr);
for (i = 0; i < options.number_of_password_prompts; i++) {
+ /* request a challenge */
+ packet_start(SSH_CMSG_AUTH_TIS);
+ packet_send();
+ packet_write_wait();
+
+ type = packet_read(&payload_len);
+ if (type != SSH_SMSG_FAILURE &&
+ type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
+ packet_disconnect("Protocol error: got %d in response "
+ "to skey-auth", type);
+ }
+ if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
+ debug("No challenge for skey authentication.");
+ return 0;
+ }
+ challenge = packet_get_string(&clen);
+ packet_integrity_check(payload_len, (4 + clen), type);
+ snprintf(prompt, sizeof prompt, "%s\nResponse: ", challenge);
+ xfree(challenge);
if (i != 0)
error("Permission denied, please try again.");
- response = read_passphrase("Response: ", 0);
+ if (options.cipher == SSH_CIPHER_NONE)
+ log("WARNING: Encryption is disabled! "
+ "Reponse will be transmitted in clear text.");
+ response = read_passphrase(prompt, 0);
+ if (strcmp(response, "") == 0) {
+ xfree(response);
+ break;
+ }
packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
packet_put_string(response, strlen(response));
memset(response, 0, strlen(response));
@@ -646,7 +650,7 @@ try_skey_authentication()
return 1;
if (type != SSH_SMSG_FAILURE)
packet_disconnect("Protocol error: got %d in response "
- "to skey-auth-reponse", type);
+ "to skey-auth-reponse", type);
}
/* failure */
return 0;