Forgot to check in before.

[openssh.git] / sshconnect2.c

diff --git a/sshconnect2.c b/sshconnect2.c
index 2e2452801c6ff9a9eb58ac2848de1755c15d8d0d..705aa4561ae03cc53759fa9a5ac0726b8beb30d6 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.80 2001/06/26 20:14:11 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -75,7 +75,7 @@ static int
 verify_host_key_callback(Key *hostkey)
 {
        if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
-               fatal("verify_host_key failed");
+               fatal("Host key verification failed.");
        return 0;
 }
 
@@ -164,6 +164,8 @@ struct Authctxt {
        /* hostbased */
        Key **keys;
        int nkeys;
+       /* kbd-interactive */
+       int info_req_seen;
 };
 struct Authmethod {
        char    *name;          /* string to compare against server's list */
@@ -195,22 +197,22 @@ static Authmethod *authmethod_lookup(const char *name);
 static char *authmethods_get(void);
 
 Authmethod authmethods[] = {
-       {"publickey",
-               userauth_pubkey,
-               &options.pubkey_authentication,
-               NULL},
        {"hostbased",
                userauth_hostbased,
                &options.hostbased_authentication,
                NULL},
-       {"password",
-               userauth_passwd,
-               &options.password_authentication,
-               &options.batch_mode},
+       {"publickey",
+               userauth_pubkey,
+               &options.pubkey_authentication,
+               NULL},
        {"keyboard-interactive",
                userauth_kbdint,
                &options.kbd_interactive_authentication,
                &options.batch_mode},
+       {"password",
+               userauth_passwd,
+               &options.password_authentication,
+               &options.batch_mode},
        {"none",
                userauth_none,
                NULL,
@@ -252,6 +254,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
                options.preferred_authentications = authmethods_get();
 
        /* setup authentication context */
+       memset(&authctxt, 0, sizeof(authctxt));
        authctxt.agent = ssh_get_authentication_connection();
        authctxt.server_user = server_user;
        authctxt.local_user = local_user;
@@ -262,6 +265,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
        authctxt.authlist = NULL;
        authctxt.keys = keys;
        authctxt.nkeys = nkeys;
+       authctxt.info_req_seen = 0;
        if (authctxt.method == NULL)
                fatal("ssh_userauth2: internal error: cannot send userauth none request");
 
@@ -739,6 +743,12 @@ userauth_kbdint(Authctxt *authctxt)
 
        if (attempt++ >= options.number_of_password_prompts)
                return 0;
+       /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
+       if (attempt > 1 && !authctxt->info_req_seen) {
+               debug3("userauth_kbdint: disable: no info_req_seen");
+               dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
+               return 0;
+       }
 
        debug2("userauth_kbdint");
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -770,6 +780,8 @@ input_userauth_info_req(int type, int plen, void *ctxt)
        if (authctxt == NULL)
                fatal("input_userauth_info_req: no authentication context");
 
+       authctxt->info_req_seen = 1;
+
        name = packet_get_string(NULL);
        inst = packet_get_string(NULL);
        lang = packet_get_string(NULL);