]> andersk Git - openssh.git/commitdiff
- markus@cvs.openbsd.org 2001/05/18 14:13:29
authormouring <mouring>
Tue, 5 Jun 2001 18:56:16 +0000 (18:56 +0000)
committermouring <mouring>
Tue, 5 Jun 2001 18:56:16 +0000 (18:56 +0000)
     [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me

13 files changed:
ChangeLog
auth-chall.c
auth.h
auth1.c
auth2-chall.c
auth2.c
readconf.c
readconf.h
servconf.c
servconf.h
sshconnect1.c
sshconnect2.c
sshd.c

index 910410006a2476c3050ec3c8a0e47faf318535a3..dedb24f49b844e57eed91ff28538bf8c696da105 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,7 +3,12 @@
    - markus@cvs.openbsd.org 2001/05/17 21:34:15                                 
      [ssh.1]                                                                    
      no spaces in PreferredAuthentications; 
-     meixner@rbg.informatik.tu-darmstadt.de                                                                              
+     meixner@rbg.informatik.tu-darmstadt.de
+   - markus@cvs.openbsd.org 2001/05/18 14:13:29
+     [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c 
+      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
+     improved kbd-interactive support. work by per@appgate.com and me
+
 20010528
  - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
    Patch by Corinna Vinschen <vinschen@redhat.com>
index f3502f4eee36703c4c1337666a14a9cb3a372af2..45e0c34522b16eb6cb2ad779431d1778b0aec5e3 100644 (file)
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.7 2001/04/05 10:42:47 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $");
 
 #include "auth.h"
 #include "log.h"
+#include "xmalloc.h"
 
-#ifdef BSD_AUTH
-char *
-get_challenge(Authctxt *authctxt, char *devs)
-{
-       char *challenge;
+/* limited protocol v1 interface to kbd-interactive authentication */
 
-       if (authctxt->as != NULL) {
-               debug2("try reuse session");
-               challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
-               if (challenge != NULL) {
-                       debug2("reuse bsd auth session");
-                       return challenge;
-               }
-               auth_close(authctxt->as);
-               authctxt->as = NULL;
-       }
-       debug2("new bsd auth session");
-       if (devs == NULL || strlen(devs) == 0)
-               devs = authctxt->style;
-       debug3("bsd auth: devs %s", devs ? devs : "<default>");
-       authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh",
-           &challenge);
-       if (authctxt->as == NULL)
-               return NULL;
-       debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY");
-       return challenge;
-}
-int
-verify_response(Authctxt *authctxt, char *response)
-{
-       int authok;
-
-       if (authctxt->as == 0)
-               error("verify_response: no bsd auth session");
-       authok = auth_userresponse(authctxt->as, response, 0);
-       authctxt->as = NULL;
-       debug("verify_response: <%s> = <%d>", response, authok);
-       return authok != 0;
-}
-#else
-#ifdef SKEY
-#include <skey.h>
+extern KbdintDevice *devices[];
+static KbdintDevice *device;
 
 char *
-get_challenge(Authctxt *authctxt, char *devs)
+get_challenge(Authctxt *authctxt)
 {
-       static char challenge[1024];
-       struct skey skey;
-       if (skeychallenge(&skey, authctxt->user, challenge) == -1)
+       char *challenge, *name, *info, **prompts;
+       u_int i, numprompts;
+       u_int *echo_on;
+
+       device = devices[0]; /* we always use the 1st device for protocol 1 */
+       if (device == NULL)
                return NULL;
-       strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
-       return challenge;
-}
-int
-verify_response(Authctxt *authctxt, char *response)
-{
-       return (authctxt->valid &&
-           skey_haskey(authctxt->pw->pw_name) == 0 &&
-           skey_passcheck(authctxt->pw->pw_name, response) != -1);
-}
-#else
-/* not available */
-char *
-get_challenge(Authctxt *authctxt, char *devs)
-{
-       return NULL;
+       if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL)
+               return NULL;
+       if (device->query(authctxt->kbdintctxt, &name, &info,
+           &numprompts, &prompts, &echo_on)) {
+               device->free_ctx(authctxt->kbdintctxt);
+               authctxt->kbdintctxt = NULL;
+               return NULL;
+       }
+       if (numprompts < 1)
+               fatal("get_challenge: numprompts < 1");
+       challenge = xstrdup(prompts[0]);
+       for (i = 0; i < numprompts; i++)
+               xfree(prompts[i]);
+       xfree(prompts);
+       xfree(name);
+       xfree(echo_on);
+       xfree(info);
+
+       return (challenge);
 }
 int
-verify_response(Authctxt *authctxt, char *response)
+verify_response(Authctxt *authctxt, const char *response)
 {
-       return 0;
+       char *resp[1];
+       int res;
+
+       if (device == NULL)
+               return 0;
+       if (authctxt->kbdintctxt == NULL)
+               return 0;
+       resp[0] = (char *)response;
+       res = device->respond(authctxt->kbdintctxt, 1, resp);
+       device->free_ctx(authctxt->kbdintctxt);
+       authctxt->kbdintctxt = NULL;
+       return res ? 0 : 1;
 }
-#endif
-#endif
diff --git a/auth.h b/auth.h
index 1e02923c94eaf567739d532974a9d726eb7f15f0..20c3ebb78e2a9776f4dd05112a1b6cebd01ffbe0 100644 (file)
--- a/auth.h
+++ b/auth.h
@@ -21,7 +21,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $OpenBSD: auth.h,v 1.15 2001/04/12 19:15:24 markus Exp $
+ * $OpenBSD: auth.h,v 1.16 2001/05/18 14:13:28 markus Exp $
  */
 #ifndef AUTH_H
 #define AUTH_H
@@ -36,6 +36,8 @@
 #endif
 
 typedef struct Authctxt Authctxt;
+typedef struct KbdintDevice KbdintDevice;
+
 struct Authctxt {
        int success;
        int postponed;
@@ -46,11 +48,30 @@ struct Authctxt {
        char *service;
        struct passwd *pw;
        char *style;
+       void *kbdintctxt;
 #ifdef BSD_AUTH
        auth_session_t *as;
 #endif
 };
 
+/*
+ * Keyboard interactive device:
+ * init_ctx    returns: non NULL upon success 
+ * query       returns: 0 - success, otherwise failure 
+ * respond     returns: 0 - success, 1 - need further interaction,
+ *             otherwise - failure
+ */
+struct KbdintDevice
+{
+       const char *name;
+       void*   (*init_ctx)     __P((Authctxt*));
+       int     (*query)        __P((void *ctx, char **name, char **infotxt,
+                               u_int *numprompts, char ***prompts,
+                               u_int **echo_on));
+       int     (*respond)      __P((void *ctx, u_int numresp, char **responses));
+       void    (*free_ctx)     __P((void *ctx));
+};
+
 /*
  * Tries to authenticate the user using the .rhosts file.  Returns true if
  * authentication succeeds.  If ignore_rhosts is non-zero, this will not
@@ -133,8 +154,8 @@ int auth2_challenge(Authctxt *authctxt, char *devs);
 
 int    allowed_user(struct passwd * pw);
 
-char   *get_challenge(Authctxt *authctxt, char *devs);
-int    verify_response(Authctxt *authctxt, char *response);
+char   *get_challenge(Authctxt *authctxt);
+int    verify_response(Authctxt *authctxt, const char *response);
 
 struct passwd * auth_get_user(void);
 
diff --git a/auth1.c b/auth1.c
index abf2437fadb1c1e1c03009f27c29442583550933..5ab6b06f16370b9ddf73589eb707116c546b6af2 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.22 2001/03/23 12:02:49 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.23 2001/05/18 14:13:28 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -271,12 +271,13 @@ do_authloop(Authctxt *authctxt)
 
                case SSH_CMSG_AUTH_TIS:
                        debug("rcvd SSH_CMSG_AUTH_TIS");
-                       if (options.challenge_reponse_authentication == 1) {
-                               char *challenge = get_challenge(authctxt, authctxt->style);
+                       if (options.challenge_response_authentication == 1) {
+                               char *challenge = get_challenge(authctxt);
                                if (challenge != NULL) {
                                        debug("sending challenge '%s'", challenge);
                                        packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
                                        packet_put_cstring(challenge);
+                                       xfree(challenge);
                                        packet_send();
                                        packet_write_wait();
                                        continue;
@@ -285,7 +286,7 @@ do_authloop(Authctxt *authctxt)
                        break;
                case SSH_CMSG_AUTH_TIS_RESPONSE:
                        debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
-                       if (options.challenge_reponse_authentication == 1) {
+                       if (options.challenge_response_authentication == 1) {
                                char *response = packet_get_string(&dlen);
                                debug("got response '%s'", response);
                                packet_integrity_check(plen, 4 + dlen, type);
index 5af60e42fa0f0b0bc57673a3798eb70ccaac0e14..ad4f7ac42e522f61acdcbbdce09404c9c33d90ae 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2001 Per Allansson.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.4 2001/03/28 22:43:31 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.5 2001/05/18 14:13:28 markus Exp $");
 
 #include "ssh2.h"
 #include "auth.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "dispatch.h"
+#include "auth.h"
 #include "log.h"
 
-void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo);
-void input_userauth_info_response(int type, int plen, void *ctxt);
+static int auth2_challenge_start(Authctxt *authctxt);
+static int send_userauth_info_request(Authctxt *authctxt);
+static void input_userauth_info_response(int type, int plen, void *ctxt);
+
+#ifdef BSD_AUTH
+extern KbdintDevice bsdauth_device;
+#else
+#ifdef SKEY
+extern KbdintDevice skey_device;
+#endif
+#endif
+
+KbdintDevice *devices[] = {
+#ifdef BSD_AUTH
+       &bsdauth_device,
+#else
+#ifdef SKEY
+       &skey_device,
+#endif
+#endif
+       NULL
+};
+
+typedef struct KbdintAuthctxt KbdintAuthctxt;
+struct KbdintAuthctxt
+{
+       char *devices;
+       void *ctxt;
+       KbdintDevice *device;
+};
+
+KbdintAuthctxt *
+kbdint_alloc(const char *devs)
+{
+       KbdintAuthctxt *kbdintctxt;
+       int i;
+       char buf[1024];
+
+       kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
+       if (strcmp(devs, "") == 0) {
+               buf[0] = '\0';
+               for (i = 0; devices[i]; i++) {
+                       if (i != 0)
+                               strlcat(buf, ",", sizeof(buf));
+                       strlcat(buf, devices[i]->name, sizeof(buf));
+               }
+               debug("kbdint_alloc: devices '%s'", buf);
+               kbdintctxt->devices = xstrdup(buf);
+       } else {
+               kbdintctxt->devices = xstrdup(devs);
+       }
+       kbdintctxt->ctxt = NULL;
+       kbdintctxt->device = NULL;
+
+       return kbdintctxt;
+}
+void
+kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
+{
+       if (kbdintctxt->ctxt) {
+               kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
+               kbdintctxt->ctxt = NULL;
+       }
+       kbdintctxt->device = NULL;
+}
+void
+kbdint_free(KbdintAuthctxt *kbdintctxt)
+{
+       if (kbdintctxt->device)
+               kbdint_reset_device(kbdintctxt);
+       if (kbdintctxt->devices) {
+               xfree(kbdintctxt->devices);
+               kbdintctxt->devices = NULL;
+       }
+       xfree(kbdintctxt);
+}
+/* get next device */
+int
+kbdint_next_device(KbdintAuthctxt *kbdintctxt)
+{
+       size_t len;
+       char *t;
+       int i;
+
+       if (kbdintctxt->device)
+               kbdint_reset_device(kbdintctxt);
+       do {
+               len = kbdintctxt->devices ?
+                   strcspn(kbdintctxt->devices, ",") : 0;
+
+               if (len == 0)
+                       break;
+               for (i = 0; devices[i]; i++)
+                       if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
+                               kbdintctxt->device = devices[i];
+               t = kbdintctxt->devices;
+               kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
+               xfree(t);
+               debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
+                  kbdintctxt->devices : "<empty>");
+       } while (kbdintctxt->devices && !kbdintctxt->device);
+
+       return kbdintctxt->device ? 1 : 0;
+}
 
 /*
- * try challenge-reponse, return -1 (= postponed) if we have to
+ * try challenge-reponse, set authctxt->postponed if we have to
  * wait for the response.
  */
 int
 auth2_challenge(Authctxt *authctxt, char *devs)
 {
-       char *challenge;
+       debug("auth2_challenge: user=%s devs=%s",
+           authctxt->user ? authctxt->user : "<nouser>",
+           devs ? devs : "<no devs>");
+
+       if (!authctxt->valid || authctxt->user == NULL || !devs)
+               return 0;
+       if (authctxt->kbdintctxt == NULL) 
+               authctxt->kbdintctxt = kbdint_alloc(devs);
+       return auth2_challenge_start(authctxt);
+}
+
+/* side effect: sets authctxt->postponed if a reply was sent*/
+static int
+auth2_challenge_start(Authctxt *authctxt)
+{
+       KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
+
+       debug2("auth2_challenge_start: devices %s",
+           kbdintctxt->devices ?  kbdintctxt->devices : "<empty>");
+
+       if (kbdint_next_device(kbdintctxt) == 0) {
+               kbdint_free(kbdintctxt);
+               authctxt->kbdintctxt = NULL;
+               return 0;
+       }
+       debug("auth2_challenge_start: trying authentication method '%s'",
+           kbdintctxt->device->name);
 
-       if (!authctxt->valid || authctxt->user == NULL)
+       if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
+               kbdint_free(kbdintctxt);
+               authctxt->kbdintctxt = NULL;
                return 0;
-       if ((challenge = get_challenge(authctxt, devs)) == NULL)
+       }
+       if (send_userauth_info_request(authctxt) == 0) {
+               kbdint_free(kbdintctxt);
+               authctxt->kbdintctxt = NULL;
                return 0;
-       send_userauth_into_request(authctxt, challenge, 0);
+       }
        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
            &input_userauth_info_response);
+
        authctxt->postponed = 1;
        return 0;
 }
 
-void
-send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo)
+static int
+send_userauth_info_request(Authctxt *authctxt)
 {
-       int nprompts = 1;
+       KbdintAuthctxt *kbdintctxt;
+       char *name, *instr, **prompts;
+       int i;
+       u_int numprompts, *echo_on;
+
+       kbdintctxt = authctxt->kbdintctxt;
+       if (kbdintctxt->device->query(kbdintctxt->ctxt,
+           &name, &instr, &numprompts, &prompts, &echo_on))
+               return 0;
 
        packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
-       /* name, instruction and language are unused */
-       packet_put_cstring("");
-       packet_put_cstring("");
-       packet_put_cstring("");
-       packet_put_int(nprompts);
-       packet_put_cstring(challenge);
-       packet_put_char(echo);
+       packet_put_cstring(name);
+       packet_put_cstring(instr);
+       packet_put_cstring("");         /* language not used */
+       packet_put_int(numprompts);
+       for (i = 0; i < numprompts; i++) {
+               packet_put_cstring(prompts[i]);
+               packet_put_char(echo_on[i]);
+       }
        packet_send();
        packet_write_wait();
+
+       for (i = 0; i < numprompts; i++)
+               xfree(prompts[i]);
+       xfree(prompts);
+       xfree(echo_on);
+       xfree(name);
+       xfree(instr);
+       return 1;
 }
 
-void
+static void
 input_userauth_info_response(int type, int plen, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
-       int authenticated = 0;
-       u_int nresp, rlen;
-       char *response, *method = "challenge-reponse";
+       KbdintAuthctxt *kbdintctxt;
+       int i, authenticated = 0, res, len;
+       u_int nresp;
+       char **response = NULL, *method;
 
        if (authctxt == NULL)
                fatal("input_userauth_info_response: no authctxt");
+       kbdintctxt = authctxt->kbdintctxt;
+       if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
+               fatal("input_userauth_info_response: no kbdintctxt");
+       if (kbdintctxt->device == NULL)
+               fatal("input_userauth_info_response: no device");
 
        authctxt->postponed = 0;        /* reset */
        nresp = packet_get_int();
-       if (nresp == 1) {
-               response = packet_get_string(&rlen);
-               packet_done();
-               if (strlen(response) == 0) {
-                       /*
-                        * if we received an empty response, resend challenge
-                        * with echo enabled
-                        */
-                       char *challenge = get_challenge(authctxt, NULL);
-                       if (challenge != NULL) {
-                               send_userauth_into_request(authctxt,
-                                   challenge, 1);
-                               authctxt->postponed = 1;
-                       }
-               } else if (authctxt->valid) {
-                       authenticated = verify_response(authctxt, response);
-                       memset(response, 'r', rlen);
-               }
+       if (nresp > 0) {
+               response = xmalloc(nresp * sizeof(char*));
+               for (i = 0; i < nresp; i++)
+                       response[i] = packet_get_string(NULL);
+       }
+       packet_done();
+
+       if (authctxt->valid) {
+               res = kbdintctxt->device->respond(kbdintctxt->ctxt,
+                   nresp, response);
+       } else {
+               res = -1;
+       }
+
+       for (i = 0; i < nresp; i++) {
+               memset(response[i], 'r', strlen(response[i]));
+               xfree(response[i]);
+       }
+       if (response)
                xfree(response);
+
+       switch (res) {
+       case 0:
+               /* Success! */
+               authenticated = 1;
+               break;
+       case 1:
+               /* Authentication needs further interaction */
+               authctxt->postponed = 1;
+               if (send_userauth_info_request(authctxt) == 0) {
+                       authctxt->postponed = 0;
+               }
+               break;
+       default:
+               /* Failure! */
+               break;
        }
-       /* unregister callback */
-       if (!authctxt->postponed)
+
+       len = strlen("keyboard-interactive") + 2 +
+               strlen(kbdintctxt->device->name);
+       method = xmalloc(len);
+       method[0] = '\0';
+       strlcat(method, "keyboard-interactive", len);
+       strlcat(method, "/", len);
+       strlcat(method, kbdintctxt->device->name, len);
+
+       if (!authctxt->postponed) {
+               /* unregister callback */
                dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
 
+               if (authenticated) {
+                       kbdint_free(kbdintctxt);
+                       authctxt->kbdintctxt = NULL;
+               } else {
+                       /* start next device */
+                       /* may set authctxt->postponed */
+                       auth2_challenge_start(authctxt);
+               }
+       }
        userauth_finish(authctxt, authenticated, method);
+       xfree(method);
 }
diff --git a/auth2.c b/auth2.c
index f357b582633c021bf0287e21993397a11ca399e3..e800c0587490538ad45e106c26f8c81d1a046a5a 100644 (file)
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.56 2001/04/19 00:05:11 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.57 2001/05/18 14:13:28 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -51,6 +51,7 @@ RCSID("$OpenBSD: auth2.c,v 1.56 2001/04/19 00:05:11 markus Exp $");
 #include "hostfile.h"
 #include "canohost.h"
 #include "tildexpand.h"
+#include "match.h"
 
 /* import */
 extern ServerOptions options;
@@ -125,7 +126,7 @@ do_authentication2()
        x_authctxt = authctxt;          /*XXX*/
 
        /* challenge-reponse is implemented via keyboard interactive */
-       if (options.challenge_reponse_authentication)
+       if (options.challenge_response_authentication)
                options.kbd_interactive_authentication = 1;
        if (options.pam_authentication_via_kbd_int)
                options.kbd_interactive_authentication = 1;
@@ -400,24 +401,23 @@ int
 userauth_kbdint(Authctxt *authctxt)
 {
        int authenticated = 0;
-       char *lang = NULL;
-       char *devs = NULL;
+       char *lang, *devs;
 
        lang = packet_get_string(NULL);
        devs = packet_get_string(NULL);
        packet_done();
 
-       debug("keyboard-interactive language %s devs %s", lang, devs);
+       debug("keyboard-interactive devs %s", devs);
 
-       if (options.challenge_reponse_authentication)
+       if (options.challenge_response_authentication)
                authenticated = auth2_challenge(authctxt, devs);
 
 #ifdef USE_PAM
        if (authenticated == 0 && options.pam_authentication_via_kbd_int)
                authenticated = auth2_pam(authctxt);
 #endif
-       xfree(lang);
        xfree(devs);
+       xfree(lang);
 #ifdef HAVE_CYGWIN
        if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
                return(0);
index 75005b3fe4acfab257a1857be73db3e0d5ddf6c7..542c76f330d8737a56ac713839f89c385efb606a 100644 (file)
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.77 2001/04/30 11:18:51 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.78 2001/05/18 14:13:28 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -333,7 +333,7 @@ parse_flag:
                goto parse_flag;
 
        case oChallengeResponseAuthentication:
-               intptr = &options->challenge_reponse_authentication;
+               intptr = &options->challenge_response_authentication;
                goto parse_flag;
 
 #ifdef KRB4
@@ -723,7 +723,7 @@ initialize_options(Options * options)
        options->rhosts_authentication = -1;
        options->rsa_authentication = -1;
        options->pubkey_authentication = -1;
-       options->challenge_reponse_authentication = -1;
+       options->challenge_response_authentication = -1;
 #ifdef KRB4
        options->kerberos_authentication = -1;
 #endif
@@ -797,8 +797,8 @@ fill_default_options(Options * options)
                options->rsa_authentication = 1;
        if (options->pubkey_authentication == -1)
                options->pubkey_authentication = 1;
-       if (options->challenge_reponse_authentication == -1)
-               options->challenge_reponse_authentication = 0;
+       if (options->challenge_response_authentication == -1)
+               options->challenge_response_authentication = 0;
 #ifdef KRB4
        if (options->kerberos_authentication == -1)
                options->kerberos_authentication = 1;
index 4b20c93bf5de2b717146d18f7f52c7bea163ab55..489ffc8c19dc1824d31b2e75827cc79289ccd7be 100644 (file)
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: readconf.h,v 1.31 2001/04/30 11:18:52 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.32 2001/05/18 14:13:29 markus Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -39,7 +39,7 @@ typedef struct {
        int     rsa_authentication;     /* Try RSA authentication. */
        int     pubkey_authentication;  /* Try ssh2 pubkey authentication. */
        int     hostbased_authentication;       /* ssh2's rhosts_rsa */
-       int     challenge_reponse_authentication;
+       int     challenge_response_authentication;
                                        /* Try S/Key or TIS, authentication. */
 #ifdef KRB4
        int     kerberos_authentication;        /* Try Kerberos
index 37f607772887716f339c1e6cbdb031571f43ff88..02d06bdad1518721ae9cc0b579c5a35dc2eb4968 100644 (file)
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.79 2001/05/03 21:43:01 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.80 2001/05/18 14:13:29 markus Exp $");
 
 #ifdef KRB4
 #include <krb.h>
@@ -81,7 +81,7 @@ initialize_server_options(ServerOptions *options)
 #endif
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
-       options->challenge_reponse_authentication = -1;
+       options->challenge_response_authentication = -1;
        options->permit_empty_passwd = -1;
        options->use_login = -1;
        options->allow_tcp_forwarding = -1;
@@ -186,8 +186,8 @@ fill_default_server_options(ServerOptions *options)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
                options->kbd_interactive_authentication = 0;
-       if (options->challenge_reponse_authentication == -1)
-               options->challenge_reponse_authentication = 1;
+       if (options->challenge_response_authentication == -1)
+               options->challenge_response_authentication = 1;
        if (options->permit_empty_passwd == -1)
                options->permit_empty_passwd = 0;
        if (options->use_login == -1)
@@ -603,7 +603,7 @@ parse_flag:
                        goto parse_flag;
 
                case sChallengeResponseAuthentication:
-                       intptr = &options->challenge_reponse_authentication;
+                       intptr = &options->challenge_response_authentication;
                        goto parse_flag;
 
                case sPrintMotd:
index 78bca97f3691029401dcabbb1dce0d2ceaa357bb..a319a5c69ae37121d311e25973d6eec977d1f252 100644 (file)
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: servconf.h,v 1.41 2001/04/13 22:46:53 beck Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.42 2001/05/18 14:13:29 markus Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -92,7 +92,7 @@ typedef struct {
        int     password_authentication;        /* If true, permit password
                                                 * authentication. */
        int     kbd_interactive_authentication; /* If true, permit */
-       int     challenge_reponse_authentication;
+       int     challenge_response_authentication;
        int     permit_empty_passwd;    /* If false, do not permit empty
                                         * passwords. */
        int     use_login;      /* If true, login(1) is used */
index d42676676bfdf5dd333e77d1d60cde9132f1ed74..c0fe86293be726597a885ba972fd3bf260128232 100644 (file)
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.31 2001/04/17 08:14:01 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.32 2001/05/18 14:13:29 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -616,7 +616,7 @@ send_afs_tokens(void)
  * Note that the client code is not tied to s/key or TIS.
  */
 int
-try_challenge_reponse_authentication(void)
+try_challenge_response_authentication(void)
 {
        int type, i;
        int payload_len;
@@ -1024,8 +1024,8 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
        }
        /* Try challenge response authentication if the server supports it. */
        if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
-           options.challenge_reponse_authentication && !options.batch_mode) {
-               if (try_challenge_reponse_authentication())
+           options.challenge_response_authentication && !options.batch_mode) {
+               if (try_challenge_response_authentication())
                        return;
        }
        /* Try password authentication if the server supports it. */
index 14e3d401a78aa77752807c64e2e043c11465b99b..75bd53d08776c544bb2321c7add4bef41f2d5318 100644 (file)
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.72 2001/04/18 23:43:26 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.73 2001/05/18 14:13:29 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -229,7 +229,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
        int type;
        int plen;
 
-       if (options.challenge_reponse_authentication)
+       if (options.challenge_response_authentication)
                options.kbd_interactive_authentication = 1;
 
        debug("send SSH2_MSG_SERVICE_REQUEST");
@@ -787,6 +787,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
        packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
        packet_put_int(num_prompts);
 
+       debug2("input_userauth_info_req: num_prompts %d", num_prompts);
        for (i = 0; i < num_prompts; i++) {
                prompt = packet_get_string(NULL);
                echo = packet_get_char();
diff --git a/sshd.c b/sshd.c
index 552fa3b2780ad54b3e3014d9401e7d1a3d89b8a9..a20b81ccac6e5c2ccd453ff8bdf23c60f660a0fb 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.195 2001/04/15 16:58:03 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.196 2001/05/18 14:13:29 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1265,7 +1265,7 @@ do_ssh1_kex(void)
        if (options.afs_token_passing)
                auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
 #endif
-       if (options.challenge_reponse_authentication == 1)
+       if (options.challenge_response_authentication == 1)
                auth_mask |= 1 << SSH_AUTH_TIS;
        if (options.password_authentication)
                auth_mask |= 1 << SSH_AUTH_PASSWORD;
This page took 0.11824 seconds and 5 git commands to generate.