*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.80 2001/06/26 20:14:11 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
verify_host_key_callback(Key *hostkey)
{
if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
- fatal("verify_host_key failed");
+ fatal("Host key verification failed.");
return 0;
}
/* hostbased */
Key **keys;
int nkeys;
+ /* kbd-interactive */
+ int info_req_seen;
};
struct Authmethod {
char *name; /* string to compare against server's list */
static char *authmethods_get(void);
Authmethod authmethods[] = {
- {"publickey",
- userauth_pubkey,
- &options.pubkey_authentication,
- NULL},
{"hostbased",
userauth_hostbased,
&options.hostbased_authentication,
NULL},
- {"password",
- userauth_passwd,
- &options.password_authentication,
- &options.batch_mode},
+ {"publickey",
+ userauth_pubkey,
+ &options.pubkey_authentication,
+ NULL},
{"keyboard-interactive",
userauth_kbdint,
&options.kbd_interactive_authentication,
&options.batch_mode},
+ {"password",
+ userauth_passwd,
+ &options.password_authentication,
+ &options.batch_mode},
{"none",
userauth_none,
NULL,
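Review bot: Nothing at the authmethods[] table says that entry order is significant, yet this hunk changes behaviour purely by reordering the entries to hostbased, publickey, keyboard-interactive, password. Judging from `options.preferred_authentications = authmethods_get();` further down the page, the table order appears to become the default preference list, so it decides which credential type is offered to a server first. I would add a comment above the initializer, for example `/* order is the default preference; keep in sync with the documented PreferredAuthentications default */`. The initializer starts and ends outside the hunk.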
options.preferred_authentications = authmethods_get();
/* setup authentication context */
+ memset(&authctxt, 0, sizeof(authctxt));
authctxt.agent = ssh_get_authentication_connection();
authctxt.server_user = server_user;
authctxt.local_user = local_user;
authctxt.authlist = NULL;
authctxt.keys = keys;
authctxt.nkeys = nkeys;
+ authctxt.info_req_seen = 0;
if (authctxt.method == NULL)
fatal("ssh_userauth2: internal error: cannot send userauth none request");
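Review bot: With the added `memset(&authctxt, 0, sizeof(authctxt));` the new `authctxt.info_req_seen = 0;` is redundant, as is the existing `authctxt.authlist = NULL;`. Either drop the explicit zero assignments, or keep them and add a comment on the memset such as `/* zero everything so fields not assigned below start in a known state */`. That makes it clear the memset is the real initialisation and the assignments are only for readability. The enclosing function starts and ends outside the hunk.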
if (attempt++ >= options.number_of_password_prompts)
return 0;
+ /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
+ if (attempt > 1 && !authctxt->info_req_seen) {
+ debug3("userauth_kbdint: disable: no info_req_seen");
+ dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
+ return 0;
+ }
debug2("userauth_kbdint");
packet_start(SSH2_MSG_USERAUTH_REQUEST);
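Review bot: The new bail-out clears the SSH2_MSG_USERAUTH_INFO_REQUEST handler before `return 0`, but the prompt-limit bail-out directly above it (`if (attempt++ >= options.number_of_password_prompts) return 0;`) does not. If the handler is installed further down in userauth_kbdint (not visible here), it presumably stays registered after the method has been given up through that first path, so server-supplied prompts would still be processed. Consider the same cleanup on both exits, i.e. `dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);` before the first `return 0` as well. The function body starts and ends outside the hunk.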
if (authctxt == NULL)
fatal("input_userauth_info_req: no authentication context");
+ authctxt->info_req_seen = 1;
+
name = packet_get_string(NULL);
inst = packet_get_string(NULL);
lang = packet_get_string(NULL);
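Review bot: `authctxt->info_req_seen = 1;` is set as soon as any INFO_REQUEST arrives, before the packet is parsed, and nothing on the page clears it again. The `attempt > 1 && !authctxt->info_req_seen` guard in userauth_kbdint therefore only fires if the server has never sent a request in this session. A server that prompted once keeps the method enabled until number_of_password_prompts is reached. If that session-wide meaning is intended, say so at the field, e.g. `int info_req_seen; /* sticky: set on first INFO_REQUEST, never cleared */`; if a per-attempt meaning was intended, the flag would need resetting when each request is sent. The handler body continues outside the hunk.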