===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2-chall.c,v
retrieving revision 1.4.2.4
retrieving revision 1.5
diff -u -r1.4.2.4 -r1.5
--- src/usr.bin/ssh/auth2-chall.c 2002/06/02 22:56:09 1.4.2.4
+++ src/usr.bin/ssh/auth2-chall.c 2001/05/18 14:13:28 1.5
@@ -23,20 +23,19 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.4.2.4 2002/06/02 22:56:09 miod Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.5 2001/05/18 14:13:28 markus Exp $");
 #include "ssh2.h"
 #include "auth.h"
-#include "buffer.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "dispatch.h"
 #include "auth.h"
 #include "log.h"
-static int auth2_challenge_start(Authctxt *);
-static int send_userauth_info_request(Authctxt *);
-static void input_userauth_info_response(int, u_int32_t, void *);
+static int auth2_challenge_start(Authctxt *authctxt);
+static int send_userauth_info_request(Authctxt *authctxt);
+static void input_userauth_info_response(int type, int plen, void *ctxt);
 #ifdef BSD_AUTH
 extern KbdintDevice bsdauth_device;
@@ -65,35 +64,32 @@
 KbdintDevice *device;
 };
-static KbdintAuthctxt *
+KbdintAuthctxt *
 kbdint_alloc(const char *devs)
 {
 KbdintAuthctxt *kbdintctxt;
- Buffer b;
 int i;
+ char buf[1024];
 kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
 if (strcmp(devs, "") == 0) {
- buffer_init(&b);
+ buf[0] = '\0';
 for (i = 0; devices[i]; i++) {
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- buffer_append(&b, devices[i]->name,
- strlen(devices[i]->name));
+ if (i != 0)
+ strlcat(buf, ",", sizeof(buf));
+ strlcat(buf, devices[i]->name, sizeof(buf));
 }
- buffer_append(&b, "\0", 1);
- kbdintctxt->devices = xstrdup(buffer_ptr(&b));
- buffer_free(&b);
+ debug("kbdint_alloc: devices '%s'", buf);
+ kbdintctxt->devices = xstrdup(buf);
 } else {
 kbdintctxt->devices = xstrdup(devs);
 }
- debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
 kbdintctxt->ctxt = NULL;
 kbdintctxt->device = NULL;
 return kbdintctxt;
 }
-static void
+void
 kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
 {
 if (kbdintctxt->ctxt) {
@@ -102,7 +98,7 @@
 }
 kbdintctxt->device = NULL;
 }
-static void
+void
 kbdint_free(KbdintAuthctxt *kbdintctxt)
 {
 if (kbdintctxt->device)
@@ -114,7 +110,7 @@
 xfree(kbdintctxt);
 }
 /* get next device */
-static int
+int
 kbdint_next_device(KbdintAuthctxt *kbdintctxt)
 {
 size_t len;
@@ -143,7 +139,7 @@
 }
 /*
- * try challenge-response, set authctxt->postponed if we have to
+ * try challenge-reponse, set authctxt->postponed if we have to
 * wait for the response.
 */
 int
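Review bot: In kbdint_alloc the added `strlcat` calls write into a fixed `char buf[1024]` and none of their return values is checked, so an over-long device list is silently truncated, possibly mid-name, before it is stored in `kbdintctxt->devices`. Make the overflow explicit, e.g. `if (strlcat(buf, devices[i]->name, sizeof(buf)) >= sizeof(buf)) fatal("kbdint_alloc: device list too long");`. The `debug` call also moved into the empty-`devs` branch, so a caller-supplied list is no longer logged. Separately, this hunk and the next two drop `static` from kbdint_alloc, kbdint_reset_device, kbdint_free and kbdint_next_device; if no other file calls them, keep them file-local so code that frees authentication state is not exported.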
@@ -153,25 +149,13 @@
 authctxt->user ? authctxt->user : "",
 devs ? devs : "");
- if (authctxt->user == NULL || !devs)
+ if (!authctxt->valid || authctxt->user == NULL || !devs)
 return 0;
- if (authctxt->kbdintctxt == NULL)
+ if (authctxt->kbdintctxt == NULL)
 authctxt->kbdintctxt = kbdint_alloc(devs);
 return auth2_challenge_start(authctxt);
 }
-/* unregister kbd-int callbacks and context */
-void
-auth2_challenge_stop(Authctxt *authctxt)
-{
- /* unregister callback */
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
- if (authctxt->kbdintctxt != NULL) {
- kbdint_free(authctxt->kbdintctxt);
- authctxt->kbdintctxt = NULL;
- }
-}
-
 /* side effect: sets authctxt->postponed if a reply was sent*/
 static int
 auth2_challenge_start(Authctxt *authctxt)
@@ -182,18 +166,21 @@
 kbdintctxt->devices ? kbdintctxt->devices : "");
 if (kbdint_next_device(kbdintctxt) == 0) {
- auth2_challenge_stop(authctxt);
+ kbdint_free(kbdintctxt);
+ authctxt->kbdintctxt = NULL;
 return 0;
 }
 debug("auth2_challenge_start: trying authentication method '%s'",
 kbdintctxt->device->name);
 if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
- auth2_challenge_stop(authctxt);
+ kbdint_free(kbdintctxt);
+ authctxt->kbdintctxt = NULL;
 return 0;
 }
 if (send_userauth_info_request(authctxt) == 0) {
- auth2_challenge_stop(authctxt);
+ kbdint_free(kbdintctxt);
+ authctxt->kbdintctxt = NULL;
 return 0;
 }
 dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
@@ -238,7 +225,7 @@
 }
 static void
-input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
+input_userauth_info_response(int type, int plen, void *ctxt)
 {
 Authctxt *authctxt = ctxt;
 KbdintAuthctxt *kbdintctxt;
@@ -261,7 +248,7 @@
 for (i = 0; i < nresp; i++)
 response[i] = packet_get_string(NULL);
 }
- packet_check_eom();
+ packet_done();
 if (authctxt->valid) {
 res = kbdintctxt->device->respond(kbdintctxt->ctxt,
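Review bot: The added `!authctxt->valid` test in auth2_challenge returns 0 before any challenge is sent, so an unknown account takes a visibly different path from a known one and a client may be able to tell them apart by whether an info request arrives. input_userauth_info_response (a later hunk) already skips `respond` when `authctxt->valid` is false, so consider letting invalid users go through the same exchange and fail at the end; whether every device can issue a challenge for such a user is not visible here. The hunk also removes auth2_challenge_stop, so no single function both unregisters the SSH2_MSG_USERAUTH_INFO_RESPONSE handler and frees the context any more. Note that the `+` side is dated 2001/05/18 and the `-` side 2002/06/02, so the removed lines may be the later code. auth2_challenge begins above the hunk.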
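Review bot: The three failure paths in auth2_challenge_start each repeat `kbdint_free(kbdintctxt); authctxt->kbdintctxt = NULL;`, and a later edit that drops the second statement on one path would leave authctxt holding a freed pointer. A single `goto fail;` label, or a small static helper doing both statements, keeps the free and the reset together. As far as the visible code shows, the handler is registered only after the request was sent, so a comment such as `/* no handler registered yet on these paths, nothing to unregister */` would record why dispatch_set is no longer called here. The function begins before and continues past the hunk.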
@@ -284,8 +271,10 @@
 break;
 case 1:
 /* Authentication needs further interaction */
- if (send_userauth_info_request(authctxt) == 1)
- authctxt->postponed = 1;
+ authctxt->postponed = 1;
+ if (send_userauth_info_request(authctxt) == 0) {
+ authctxt->postponed = 0;
+ }
 break;
 default:
 /* Failure! */
@@ -295,12 +284,18 @@
 len = strlen("keyboard-interactive") + 2 +
 strlen(kbdintctxt->device->name);
 method = xmalloc(len);
- snprintf(method, len, "keyboard-interactive/%s",
- kbdintctxt->device->name);
+ method[0] = '\0';
+ strlcat(method, "keyboard-interactive", len);
+ strlcat(method, "/", len);
+ strlcat(method, kbdintctxt->device->name, len);
 if (!authctxt->postponed) {
+ /* unregister callback */
+ dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
+
 if (authenticated) {
- auth2_challenge_stop(authctxt);
+ kbdint_free(kbdintctxt);
+ authctxt->kbdintctxt = NULL;
 } else {
 /* start next device */
 /* may set authctxt->postponed */
@@ -309,23 +304,4 @@
 }
 userauth_finish(authctxt, authenticated, method);
 xfree(method);
-}
-
-void
-privsep_challenge_enable(void)
-{
-#ifdef BSD_AUTH
- extern KbdintDevice mm_bsdauth_device;
-#endif
-#ifdef SKEY
- extern KbdintDevice mm_skey_device;
-#endif
- /* As long as SSHv1 has devices[0] hard coded this is fine */
-#ifdef BSD_AUTH
- devices[0] = &mm_bsdauth_device;
-#else
-#ifdef SKEY
- devices[0] = &mm_skey_device;
-#endif
-#endif
 }
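Review bot: In `case 1` the new code sets `authctxt->postponed = 1` first and clears it only when send_userauth_info_request returns exactly 0, so any other non-success value would leave the exchange marked postponed although no request went out, and the cleanup under `if (!authctxt->postponed)` would then be skipped. Testing for the success value instead closes that gap: `if (send_userauth_info_request(authctxt) != 1) authctxt->postponed = 0;`. If the flag has to be set before the send for a reason not visible here, a one-line comment saying so would help. The switch and its function extend beyond the hunk on both sides.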
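Review bot: `method` is now assembled by three unchecked `strlcat` calls into a buffer whose size is the hand-computed `strlen("keyboard-interactive") + 2 + strlen(...)`, so the size expression and the pieces must be kept in step by hand, and a mismatch would truncate the method name passed to userauth_finish without notice. A comment on the length line such as `/* + 2: '/' separator and terminating NUL */` documents the invariant. In the `authenticated` branch the local `kbdintctxt` still points at freed memory after `kbdint_free(kbdintctxt)`; the lines visible after it do not use it, but adding `kbdintctxt = NULL;` there keeps it that way. The function starts before the hunk.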