- markus@cvs.openbsd.org 2003/05/11 20:30:25

[openssh.git] / auth1.c

diff --git a/auth1.c b/auth1.c
index e7d744f6eef00dbf6f4aa7aac9bfaeb7908703af..7fe363156e8c3c3d8f7c5d968b9a47bbb02c9976 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.48 2003/04/08 20:21:28 itojun Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -73,7 +73,7 @@ do_authloop(Authctxt *authctxt)
        char info[1024];
        u_int dlen;
        u_int ulen;
-       int type = 0;
+       int prev, type = 0;
        struct passwd *pw = authctxt->pw;
 
        debug("Attempting authentication for %s%.100s.",
@@ -103,8 +103,20 @@ do_authloop(Authctxt *authctxt)
                info[0] = '\0';
 
                /* Get a packet from the client. */
+               prev = type;
                type = packet_read();
 
+               /*
+                * If we started challenge-response authentication but the
+                * next packet is not a response to our challenge, release
+                * the resources allocated by get_challenge() (which would
+                * normally have been released by verify_response() had we
+                * received such a response)
+                */
+               if (prev == SSH_CMSG_AUTH_TIS &&
+                   type != SSH_CMSG_AUTH_TIS_RESPONSE)
+                       abandon_challenge_response(authctxt);
+
                /* Process the packet. */
                switch (type) {
 
@@ -401,7 +413,7 @@ do_authentication(void)
            use_privsep ? " [net]" : "");
 
 #ifdef USE_PAM
-       PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
+       PRIVSEP(start_pam(user));
 #endif
 
        /*