http://www.sxw.org.uk/computing/patches/openssh-4.2p1-gsskex-20050926-2.patch

[gssapi-openssh.git] / openssh / auth2-chall.c

diff --git a/openssh/auth2-chall.c b/openssh/auth2-chall.c
index aacbf0bccebb19509760f91c4998f4a034fe9860..b147cadf373eeef671979cc56551ef156b3253f0 100644 (file)
--- a/openssh/auth2-chall.c
+++ b/openssh/auth2-chall.c
@@ -23,7 +23,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.24 2005/07/17 07:17:54 djm Exp $");
 
 #include "ssh2.h"
 #include "auth.h"
@@ -31,8 +31,11 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
 #include "packet.h"
 #include "xmalloc.h"
 #include "dispatch.h"
-#include "auth.h"
 #include "log.h"
+#include "servconf.h"
+
+/* import */
+extern ServerOptions options;
 
 static int auth2_challenge_start(Authctxt *);
 static int send_userauth_info_request(Authctxt *);
@@ -72,6 +75,21 @@ struct KbdintAuthctxt
        u_int nreq;
 };
 
+#ifdef USE_PAM
+void
+remove_kbdint_device(const char *devname)
+{
+       int i, j;
+
+       for (i = 0; devices[i] != NULL; i++)
+               if (strcmp(devices[i]->name, devname) == 0) {
+                       for (j = i; devices[j] != NULL; j++)
+                               devices[j] = devices[j+1];
+                       i--;
+               }
+}
+#endif
+
 static KbdintAuthctxt *
 kbdint_alloc(const char *devs)
 {
@@ -79,6 +97,11 @@ kbdint_alloc(const char *devs)
        Buffer b;
        int i;
 
+#ifdef USE_PAM
+       if (!options.use_pam)
+               remove_kbdint_device("pam");
+#endif
+
        kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
        if (strcmp(devs, "") == 0) {
                buffer_init(&b);
@@ -144,7 +167,7 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt)
                kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
                xfree(t);
                debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
-                  kbdintctxt->devices : "<empty>");
+                   kbdintctxt->devices : "<empty>");
        } while (kbdintctxt->devices && !kbdintctxt->device);
 
        return kbdintctxt->device ? 1 : 0;
@@ -216,8 +239,7 @@ send_userauth_info_request(Authctxt *authctxt)
 {
        KbdintAuthctxt *kbdintctxt;
        char *name, *instr, **prompts;
-       int i;
-       u_int *echo_on;
+       u_int i, *echo_on;
 
        kbdintctxt = authctxt->kbdintctxt;
        if (kbdintctxt->device->query(kbdintctxt->ctxt,
@@ -250,8 +272,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
        KbdintAuthctxt *kbdintctxt;
-       int i, authenticated = 0, res, len;
-       u_int nresp;
+       int authenticated = 0, res, len;
+       u_int i, nresp;
        char **response = NULL, *method;
 
        if (authctxt == NULL)
@@ -275,12 +297,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
        }
        packet_check_eom();
 
-       if (authctxt->valid) {
-               res = kbdintctxt->device->respond(kbdintctxt->ctxt,
-                   nresp, response);
-       } else {
-               res = -1;
-       }
+       res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
 
        for (i = 0; i < nresp; i++) {
                memset(response[i], 'r', strlen(response[i]));
@@ -292,7 +309,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
        switch (res) {
        case 0:
                /* Success! */
-               authenticated = 1;
+               authenticated = authctxt->valid ? 1 : 0;
                break;
        case 1:
                /* Authentication needs further interaction */