- markus@cvs.openbsd.org 2001/12/09 18:45:56

     [auth2.c auth2-chall.c auth.h]
     add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
     fixes memleak.

diff --git a/ChangeLog b/ChangeLog
index 01ccab1df1981375da1aac435b1b0400dba00958..7631769a08b3f1da5a269e67ed17bec7513c998e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,10 @@
      [channels.c pathnames.h]
      use only one path to X11 UNIX domain socket vs. an array of paths
      to try.  report from djast@cs.toronto.edu.  ok markus@
+   - markus@cvs.openbsd.org 2001/12/09 18:45:56
+     [auth2.c auth2-chall.c auth.h]
+     add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
+     fixes memleak.
 
 20011219
  - (stevesk) OpenBSD CVS sync X11 localhost display

diff --git a/auth.h b/auth.h
index edfc9fb551eeb7e9ddcfaa5adbbb8c4a1c6f98c9..30a635d7af145a62bb6f6333db3efa969bbae31c 100644 (file)
--- a/auth.h
+++ b/auth.h
@@ -21,7 +21,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $OpenBSD: auth.h,v 1.22 2001/06/26 17:27:22 markus Exp $
+ * $OpenBSD: auth.h,v 1.23 2001/12/09 18:45:56 markus Exp $
  */
 #ifndef AUTH_H
 #define AUTH_H
@@ -130,6 +130,7 @@ void        userauth_finish(Authctxt *, int, char *);
 int    auth_root_allowed(char *);
 
 int    auth2_challenge(Authctxt *, char *);
+void   auth2_challenge_stop(Authctxt *);
 
 int    allowed_user(struct passwd *);
 

diff --git a/auth2-chall.c b/auth2-chall.c
index 5e6a691f808920ae778c466b43194953a2e39857..4b97e47bddbf23be8599366830c61bb8c901a05e 100644 (file)
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -23,7 +23,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.8 2001/09/27 15:31:17 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.9 2001/12/09 18:45:56 markus Exp $");
 
 #include "ssh2.h"
 #include "auth.h"
@@ -156,6 +156,18 @@ auth2_challenge(Authctxt *authctxt, char *devs)
        return auth2_challenge_start(authctxt);
 }
 
+/* unregister kbd-int callbacks and context */
+void
+auth2_challenge_stop(Authctxt *authctxt)
+{
+       /* unregister callback */
+       dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
+       if (authctxt->kbdintctxt != NULL)  {
+               kbdint_free(authctxt->kbdintctxt);
+               authctxt->kbdintctxt = NULL;
+       }
+}
+
 /* side effect: sets authctxt->postponed if a reply was sent*/
 static int
 auth2_challenge_start(Authctxt *authctxt)
@@ -166,21 +178,18 @@ auth2_challenge_start(Authctxt *authctxt)
            kbdintctxt->devices ?  kbdintctxt->devices : "<empty>");
 
        if (kbdint_next_device(kbdintctxt) == 0) {
-               kbdint_free(kbdintctxt);
-               authctxt->kbdintctxt = NULL;
+               auth2_challenge_stop(authctxt);
                return 0;
        }
        debug("auth2_challenge_start: trying authentication method '%s'",
            kbdintctxt->device->name);
 
        if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
-               kbdint_free(kbdintctxt);
-               authctxt->kbdintctxt = NULL;
+               auth2_challenge_stop(authctxt);
                return 0;
        }
        if (send_userauth_info_request(authctxt) == 0) {
-               kbdint_free(kbdintctxt);
-               authctxt->kbdintctxt = NULL;
+               auth2_challenge_stop(authctxt);
                return 0;
        }
        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
@@ -271,10 +280,8 @@ input_userauth_info_response(int type, int plen, void *ctxt)
                break;
        case 1:
                /* Authentication needs further interaction */
-               authctxt->postponed = 1;
-               if (send_userauth_info_request(authctxt) == 0) {
-                       authctxt->postponed = 0;
-               }
+               if (send_userauth_info_request(authctxt) == 1)
+                       authctxt->postponed = 1;
                break;
        default:
                /* Failure! */
@@ -290,12 +297,8 @@ input_userauth_info_response(int type, int plen, void *ctxt)
        strlcat(method, kbdintctxt->device->name, len);
 
        if (!authctxt->postponed) {
-               /* unregister callback */
-               dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
-
                if (authenticated) {
-                       kbdint_free(kbdintctxt);
-                       authctxt->kbdintctxt = NULL;
+                       auth2_challenge_stop(authctxt);
                } else {
                        /* start next device */
                        /* may set authctxt->postponed */

diff --git a/auth2.c b/auth2.c
index 3cfba7a6a5deab4287365a1870aabfeb58e76863..29bbdf4fb24382918703bca11a96625cd194086c 100644 (file)
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.74 2001/12/05 03:56:39 itojun Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.75 2001/12/09 18:45:56 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -220,14 +220,8 @@ input_userauth_request(int type, int plen, void *ctxt)
                    authctxt->user, authctxt->service, user, service);
        }
        /* reset state */
-       dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);
+       auth2_challenge_stop(authctxt);
        authctxt->postponed = 0;
-#ifdef BSD_AUTH
-       if (authctxt->as) {
-               auth_close(authctxt->as);
-               authctxt->as = NULL;
-       }
-#endif
 
        /* try to authenticate user */
        m = authmethod_lookup(method);