- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with

proper challenge-response module
2xsaiko · May 10, 2003 · 4f9f42a · 4f9f42a
1 parent c437cda
commit 4f9f42a
Show file tree

Hide file tree

Showing 17 changed files with 819 additions and 554 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -3,6 +3,8 @@
    "make install".  Patch by [email protected].
  - (dtucker) Bug #536: Test for and work around openpty/controlling tty
    problem on Linux (fixes "could not set controlling tty" errors).
+ - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with 
+   proper challenge-response module
 
 20030504
  - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
@@ -1376,4 +1378,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2672 2003/05/10 07:05:46 dtucker Exp $
+$Id: ChangeLog,v 1.2673 2003/05/10 09:28:02 djm Exp $
diff --git a/Makefile.in b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.230 2003/05/10 06:48:23 dtucker Exp $
+# $Id: Makefile.in,v 1.231 2003/05/10 09:28:02 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -81,7 +81,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \
 	kexdhs.o kexgexs.o \
 	auth-krb5.o auth-krb4.o \
-	loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o
+	loginrec.o auth-pam.o auth-sia.o md5crypt.o
 
 MANPAGES	= scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN	= scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5

diff --git a/auth-chall.c b/auth-chall.c
@@ -76,7 +76,33 @@ verify_response(Authctxt *authctxt, const char *response)
 		return 0;
 	resp[0] = (char *)response;
 	res = device->respond(authctxt->kbdintctxt, 1, resp);
+	if (res == 1) {
+		/* postponed - send a null query just in case */
+		char *name, *info, **prompts;
+		u_int i, numprompts, *echo_on;
+
+		res = device->query(authctxt->kbdintctxt, &name, &info,
+		    &numprompts, &prompts, &echo_on);
+		if (res == 0) {
+			for (i = 0; i < numprompts; i++)
+				xfree(prompts[i]);
+			xfree(prompts);
+			xfree(name);
+			xfree(echo_on);
+			xfree(info);
+		}
+		/* if we received more prompts, we're screwed */
+		res = (numprompts != 0);
+	}
 	device->free_ctx(authctxt->kbdintctxt);
 	authctxt->kbdintctxt = NULL;
 	return res ? 0 : 1;
 }
+void
+abandon_challenge_response(Authctxt *authctxt)
+{
+	if (authctxt->kbdintctxt != NULL) {
+		device->free_ctx(authctxt->kbdintctxt);
+		authctxt->kbdintctxt = NULL;
+	}
+}