nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-04-10 07:38:06 -05:00
Code Issues Projects Releases Wiki Activity

D'oh! Putting keyboard-interactive authentication _before_ publickey

Browse Source 
causes password login to occur on a server that supports password-
through-k-i. Of course when we use the new preference list mechanism
for selecting the order of authentications this will all become much
more sane, but for the moment I've put publickey back up to the top
and things seem to be happier.

[originally from svn r1220]
This commit is contained in:
Simon Tatham 2001-08-28 08:43:33 +00:00
parent 5c72d5adc5
commit d1d2fd7a13
1 changed files with 52 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
ssh.c
View File

@ -3806,66 +3806,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
in_commasep_string("publickey", methods, methlen);
can_passwd =
in_commasep_string("password", methods, methlen);
can_passwd =
in_commasep_string("password", methods, methlen);
can_keyb_inter =
in_commasep_string("keyboard-interactive", methods, methlen);
}
method = 0;
if (!method && can_keyb_inter && !tried_keyb_inter) {
method = AUTH_KEYBOARD_INTERACTIVE;
type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
tried_keyb_inter = TRUE;
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
ssh2_pkt_addstring(username);
ssh2_pkt_addstring("ssh-connection"); /* service requested */
ssh2_pkt_addstring("keyboard-interactive"); /* method */
ssh2_pkt_addstring(""); /* lang */
ssh2_pkt_addstring("");
ssh2_pkt_send();
crWaitUntilV(ispkt);
if (pktin.type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
if (pktin.type == SSH2_MSG_USERAUTH_FAILURE)
gotit = TRUE;
logevent("Keyboard-interactive authentication refused");
type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
continue;
}
kbd_inter_running = TRUE;
}
if (kbd_inter_running) {
method = AUTH_KEYBOARD_INTERACTIVE;
type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
tried_keyb_inter = TRUE;
/* We've got packet with that "interactive" info
dump banners, and set its prompt as ours */
{
char *name, *inst, *lang, *prompt;
int name_len, inst_len, lang_len, prompt_len;
ssh2_pkt_getstring(&name, &name_len);
ssh2_pkt_getstring(&inst, &inst_len);
ssh2_pkt_getstring(&lang, &lang_len);
if (name_len > 0)
c_write_untrusted(name, name_len);
if (inst_len > 0)
c_write_untrusted(inst, inst_len);
num_prompts = ssh2_pkt_getuint32();
ssh2_pkt_getstring(&prompt, &prompt_len);
strncpy(pwprompt, prompt, sizeof(pwprompt));
need_pw = TRUE;
echo = ssh2_pkt_getbool();
}
}
if (!method && can_pubkey && agent_exists() && !tried_agent) {
/*
* Attempt public-key authentication using Pageant.
@ -4059,6 +4005,58 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
}
}
if (!method && can_keyb_inter && !tried_keyb_inter) {
method = AUTH_KEYBOARD_INTERACTIVE;
type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
tried_keyb_inter = TRUE;
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
ssh2_pkt_addstring(username);
ssh2_pkt_addstring("ssh-connection"); /* service requested */
ssh2_pkt_addstring("keyboard-interactive"); /* method */
ssh2_pkt_addstring(""); /* lang */
ssh2_pkt_addstring("");
ssh2_pkt_send();
crWaitUntilV(ispkt);
if (pktin.type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
if (pktin.type == SSH2_MSG_USERAUTH_FAILURE)
gotit = TRUE;
logevent("Keyboard-interactive authentication refused");
type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
continue;
}
kbd_inter_running = TRUE;
}
if (kbd_inter_running) {
method = AUTH_KEYBOARD_INTERACTIVE;
type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
tried_keyb_inter = TRUE;
/* We've got packet with that "interactive" info
dump banners, and set its prompt as ours */
{
char *name, *inst, *lang, *prompt;
int name_len, inst_len, lang_len, prompt_len;
ssh2_pkt_getstring(&name, &name_len);
ssh2_pkt_getstring(&inst, &inst_len);
ssh2_pkt_getstring(&lang, &lang_len);
if (name_len > 0)
c_write_untrusted(name, name_len);
if (inst_len > 0)
c_write_untrusted(inst, inst_len);
num_prompts = ssh2_pkt_getuint32();
ssh2_pkt_getstring(&prompt, &prompt_len);
strncpy(pwprompt, prompt, sizeof(pwprompt));
need_pw = TRUE;
echo = ssh2_pkt_getbool();
}
}
if (!method && can_passwd) {
method = AUTH_PASSWORD;
sprintf(pwprompt, "%.90s@%.90s's password: ", username,