X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/680cee3b13f3b5197cc438649719a36181466d1b..a7045e2e7435a176522df49a644f13d47b5291af:/openssh/auth2-chall.c diff --git a/openssh/auth2-chall.c b/openssh/auth2-chall.c index e1440f4..b147cad 100644 --- a/openssh/auth2-chall.c +++ b/openssh/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.24 2005/07/17 07:17:54 djm Exp $"); #include "ssh2.h" #include "auth.h" @@ -31,8 +31,11 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $"); #include "packet.h" #include "xmalloc.h" #include "dispatch.h" -#include "auth.h" #include "log.h" +#include "servconf.h" + +/* import */ +extern ServerOptions options; static int auth2_challenge_start(Authctxt *); static int send_userauth_info_request(Authctxt *); @@ -41,6 +44,9 @@ static void input_userauth_info_response(int, u_int32_t, void *); #ifdef BSD_AUTH extern KbdintDevice bsdauth_device; #else +#ifdef USE_PAM +extern KbdintDevice sshpam_device; +#endif #ifdef SKEY extern KbdintDevice skey_device; #endif @@ -50,6 +56,9 @@ KbdintDevice *devices[] = { #ifdef BSD_AUTH &bsdauth_device, #else +#ifdef USE_PAM + &sshpam_device, +#endif #ifdef SKEY &skey_device, #endif @@ -66,6 +75,21 @@ struct KbdintAuthctxt u_int nreq; }; +#ifdef USE_PAM +void +remove_kbdint_device(const char *devname) +{ + int i, j; + + for (i = 0; devices[i] != NULL; i++) + if (strcmp(devices[i]->name, devname) == 0) { + for (j = i; devices[j] != NULL; j++) + devices[j] = devices[j+1]; + i--; + } +} +#endif + static KbdintAuthctxt * kbdint_alloc(const char *devs) { @@ -73,6 +97,11 @@ kbdint_alloc(const char *devs) Buffer b; int i; +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif + kbdintctxt = xmalloc(sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) { buffer_init(&b); @@ -138,7 +167,7 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt) kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; xfree(t); debug2("kbdint_next_device: devices %s", kbdintctxt->devices ? - kbdintctxt->devices : ""); + kbdintctxt->devices : ""); } while (kbdintctxt->devices && !kbdintctxt->device); return kbdintctxt->device ? 1 : 0; @@ -210,8 +239,7 @@ send_userauth_info_request(Authctxt *authctxt) { KbdintAuthctxt *kbdintctxt; char *name, *instr, **prompts; - int i; - u_int *echo_on; + u_int i, *echo_on; kbdintctxt = authctxt->kbdintctxt; if (kbdintctxt->device->query(kbdintctxt->ctxt, @@ -244,8 +272,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) { Authctxt *authctxt = ctxt; KbdintAuthctxt *kbdintctxt; - int i, authenticated = 0, res, len; - u_int nresp; + int authenticated = 0, res, len; + u_int i, nresp; char **response = NULL, *method; if (authctxt == NULL) @@ -263,18 +291,13 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) if (nresp > 100) fatal("input_userauth_info_response: too many replies"); if (nresp > 0) { - response = xmalloc(nresp * sizeof(char*)); + response = xmalloc(nresp * sizeof(char *)); for (i = 0; i < nresp; i++) response[i] = packet_get_string(NULL); } packet_check_eom(); - if (authctxt->valid) { - res = kbdintctxt->device->respond(kbdintctxt->ctxt, - nresp, response); - } else { - res = -1; - } + res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); for (i = 0; i < nresp; i++) { memset(response[i], 'r', strlen(response[i])); @@ -286,7 +309,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) switch (res) { case 0: /* Success! */ - authenticated = 1; + authenticated = authctxt->valid ? 1 : 0; break; case 1: /* Authentication needs further interaction */ @@ -320,18 +343,27 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) void privsep_challenge_enable(void) { +#if defined(BSD_AUTH) || defined(USE_PAM) || defined(SKEY) + int n = 0; +#endif #ifdef BSD_AUTH extern KbdintDevice mm_bsdauth_device; #endif +#ifdef USE_PAM + extern KbdintDevice mm_sshpam_device; +#endif #ifdef SKEY extern KbdintDevice mm_skey_device; #endif - /* As long as SSHv1 has devices[0] hard coded this is fine */ + #ifdef BSD_AUTH - devices[0] = &mm_bsdauth_device; + devices[n++] = &mm_bsdauth_device; #else +#ifdef USE_PAM + devices[n++] = &mm_sshpam_device; +#endif #ifdef SKEY - devices[0] = &mm_skey_device; + devices[n++] = &mm_skey_device; #endif #endif }