X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/41b2f31402be54e00944779e69cf43bc23fa413a..HEAD:/openssh/auth2-chall.c

diff --git a/openssh/auth2-chall.c b/openssh/auth2-chall.c
index 0d17093..5e6a691 100644
--- a/openssh/auth2-chall.c
+++ b/openssh/auth2-chall.c
@@ -23,11 +23,10 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.8 2001/09/27 15:31:17 markus Exp $");
 
 #include "ssh2.h"
 #include "auth.h"
-#include "buffer.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "dispatch.h"
@@ -36,7 +35,7 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
 
 static int auth2_challenge_start(Authctxt *);
 static int send_userauth_info_request(Authctxt *);
-static void input_userauth_info_response(int, u_int32_t, void *);
+static void input_userauth_info_response(int, int, void *);
 
 #ifdef BSD_AUTH
 extern KbdintDevice bsdauth_device;
@@ -63,35 +62,30 @@ struct KbdintAuthctxt
 	char *devices;
 	void *ctxt;
 	KbdintDevice *device;
-	u_int nreq;
 };
 
 static KbdintAuthctxt *
 kbdint_alloc(const char *devs)
 {
 	KbdintAuthctxt *kbdintctxt;
-	Buffer b;
 	int i;
+	char buf[1024];
 
 	kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
 	if (strcmp(devs, "") == 0) {
-		buffer_init(&b);
+		buf[0] = '\0';
 		for (i = 0; devices[i]; i++) {
-			if (buffer_len(&b) > 0)
-				buffer_append(&b, ",", 1);
-			buffer_append(&b, devices[i]->name,
-			    strlen(devices[i]->name));
+			if (i != 0)
+				strlcat(buf, ",", sizeof(buf));
+			strlcat(buf, devices[i]->name, sizeof(buf));
 		}
-		buffer_append(&b, "\0", 1);
-		kbdintctxt->devices = xstrdup(buffer_ptr(&b));
-		buffer_free(&b);
+		debug("kbdint_alloc: devices '%s'", buf);
+		kbdintctxt->devices = xstrdup(buf);
 	} else {
 		kbdintctxt->devices = xstrdup(devs);
 	}
-	debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
 	kbdintctxt->ctxt = NULL;
 	kbdintctxt->device = NULL;
-	kbdintctxt->nreq = 0;
 
 	return kbdintctxt;
 }
@@ -157,23 +151,11 @@ auth2_challenge(Authctxt *authctxt, char *devs)
 
 	if (authctxt->user == NULL || !devs)
 		return 0;
-	if (authctxt->kbdintctxt == NULL)
+	if (authctxt->kbdintctxt == NULL) 
 		authctxt->kbdintctxt = kbdint_alloc(devs);
 	return auth2_challenge_start(authctxt);
 }
 
-/* unregister kbd-int callbacks and context */
-void
-auth2_challenge_stop(Authctxt *authctxt)
-{
-	/* unregister callback */
-	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
-	if (authctxt->kbdintctxt != NULL)  {
-		kbdint_free(authctxt->kbdintctxt);
-		authctxt->kbdintctxt = NULL;
-	}
-}
-
 /* side effect: sets authctxt->postponed if a reply was sent*/
 static int
 auth2_challenge_start(Authctxt *authctxt)
@@ -184,18 +166,21 @@ auth2_challenge_start(Authctxt *authctxt)
 	    kbdintctxt->devices ?  kbdintctxt->devices : "<empty>");
 
 	if (kbdint_next_device(kbdintctxt) == 0) {
-		auth2_challenge_stop(authctxt);
+		kbdint_free(kbdintctxt);
+		authctxt->kbdintctxt = NULL;
 		return 0;
 	}
 	debug("auth2_challenge_start: trying authentication method '%s'",
 	    kbdintctxt->device->name);
 
 	if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
-		auth2_challenge_stop(authctxt);
+		kbdint_free(kbdintctxt);
+		authctxt->kbdintctxt = NULL;
 		return 0;
 	}
 	if (send_userauth_info_request(authctxt) == 0) {
-		auth2_challenge_stop(authctxt);
+		kbdint_free(kbdintctxt);
+		authctxt->kbdintctxt = NULL;
 		return 0;
 	}
 	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
@@ -211,26 +196,26 @@ send_userauth_info_request(Authctxt *authctxt)
 	KbdintAuthctxt *kbdintctxt;
 	char *name, *instr, **prompts;
 	int i;
-	u_int *echo_on;
+	u_int numprompts, *echo_on;
 
 	kbdintctxt = authctxt->kbdintctxt;
 	if (kbdintctxt->device->query(kbdintctxt->ctxt,
-	    &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
+	    &name, &instr, &numprompts, &prompts, &echo_on))
 		return 0;
 
 	packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
 	packet_put_cstring(name);
 	packet_put_cstring(instr);
-	packet_put_cstring("");		/* language not used */
-	packet_put_int(kbdintctxt->nreq);
-	for (i = 0; i < kbdintctxt->nreq; i++) {
+	packet_put_cstring(""); 	/* language not used */
+	packet_put_int(numprompts);
+	for (i = 0; i < numprompts; i++) {
 		packet_put_cstring(prompts[i]);
 		packet_put_char(echo_on[i]);
 	}
 	packet_send();
 	packet_write_wait();
 
-	for (i = 0; i < kbdintctxt->nreq; i++)
+	for (i = 0; i < numprompts; i++)
 		xfree(prompts[i]);
 	xfree(prompts);
 	xfree(echo_on);
@@ -240,7 +225,7 @@ send_userauth_info_request(Authctxt *authctxt)
 }
 
 static void
-input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
+input_userauth_info_response(int type, int plen, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
 	KbdintAuthctxt *kbdintctxt;
@@ -258,16 +243,12 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 
 	authctxt->postponed = 0;	/* reset */
 	nresp = packet_get_int();
-	if (nresp != kbdintctxt->nreq)
-		fatal("input_userauth_info_response: wrong number of replies");
-	if (nresp > 100)
-		fatal("input_userauth_info_response: too many replies");
 	if (nresp > 0) {
-		response = xmalloc(nresp * sizeof(char *));
+		response = xmalloc(nresp * sizeof(char*));
 		for (i = 0; i < nresp; i++)
 			response[i] = packet_get_string(NULL);
 	}
-	packet_check_eom();
+	packet_done();
 
 	if (authctxt->valid) {
 		res = kbdintctxt->device->respond(kbdintctxt->ctxt,
@@ -290,8 +271,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 		break;
 	case 1:
 		/* Authentication needs further interaction */
-		if (send_userauth_info_request(authctxt) == 1)
-			authctxt->postponed = 1;
+		authctxt->postponed = 1;
+		if (send_userauth_info_request(authctxt) == 0) {
+			authctxt->postponed = 0;
+		}
 		break;
 	default:
 		/* Failure! */
@@ -301,12 +284,18 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 	len = strlen("keyboard-interactive") + 2 +
 		strlen(kbdintctxt->device->name);
 	method = xmalloc(len);
-	snprintf(method, len, "keyboard-interactive/%s",
-	    kbdintctxt->device->name);
+	method[0] = '\0';
+	strlcat(method, "keyboard-interactive", len);
+	strlcat(method, "/", len);
+	strlcat(method, kbdintctxt->device->name, len);
 
 	if (!authctxt->postponed) {
+		/* unregister callback */
+		dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
+
 		if (authenticated) {
-			auth2_challenge_stop(authctxt);
+			kbdint_free(kbdintctxt);
+			authctxt->kbdintctxt = NULL;
 		} else {
 			/* start next device */
 			/* may set authctxt->postponed */
@@ -316,22 +305,3 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 	userauth_finish(authctxt, authenticated, method);
 	xfree(method);
 }
-
-void
-privsep_challenge_enable(void)
-{
-#ifdef BSD_AUTH
-	extern KbdintDevice mm_bsdauth_device;
-#endif
-#ifdef SKEY
-	extern KbdintDevice mm_skey_device;
-#endif
-	/* As long as SSHv1 has devices[0] hard coded this is fine */
-#ifdef BSD_AUTH
-	devices[0] = &mm_bsdauth_device;
-#else
-#ifdef SKEY
-	devices[0] = &mm_skey_device;
-#endif
-#endif
-}