[auth2.c sshd_config.5 servconf.c]
     Remove ChallengeResponseAuthentication support inside a Match
     block as its interaction with KbdInteractive makes it difficult to
     support.  Also, relocate the CR/kbdint option special-case code into
     servconf.  "please commit" djm@, ok markus@ for the relocation.
Darren Tucker 2007-03-01 21:31:28 +11:00
parent cf0d2db2fa
commit 1d75f22c5d
4 changed files with 19 additions and 12 deletions


@ -1,3 +1,12 @@
20070301
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c]
Remove ChallengeResponseAuthentication support inside a Match
block as its interaction with KbdInteractive makes it difficult to
support. Also, relocate the CR/kbdint option special-case code into
servconf. "please commit" djm@, ok markus@ for the relocation.
20070228 20070228
- (dtucker) OpenBSD CVS Sync - (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2007/02/28 00:55:30 - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
@ -2773,4 +2782,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.4624 2007/02/28 10:19:58 dtucker Exp $ $Id: ChangeLog,v 1.4625 2007/03/01 10:31:28 dtucker Exp $


@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */ /* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -96,10 +96,6 @@ int user_key_allowed(struct passwd *, Key *);
void void
do_authentication2(Authctxt *authctxt) do_authentication2(Authctxt *authctxt)
{ {
/* challenge-response is implemented via keyboard interactive */
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
dispatch_init(&dispatch_protocol_error); dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);


@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.169 2007/02/22 12:58:40 dtucker Exp $ */ /* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -357,7 +357,7 @@ static struct {
#endif #endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_ALL }, { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
{ "checkmail", sDeprecated, SSHCFG_GLOBAL }, { "checkmail", sDeprecated, SSHCFG_GLOBAL },
{ "listenaddress", sListenAddress, SSHCFG_GLOBAL }, { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
@ -1350,7 +1350,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(kerberos_authentication); M_CP_INTOPT(kerberos_authentication);
M_CP_INTOPT(hostbased_authentication); M_CP_INTOPT(hostbased_authentication);
M_CP_INTOPT(kbd_interactive_authentication); M_CP_INTOPT(kbd_interactive_authentication);
M_CP_INTOPT(challenge_response_authentication);
M_CP_INTOPT(allow_tcp_forwarding); M_CP_INTOPT(allow_tcp_forwarding);
M_CP_INTOPT(gateway_ports); M_CP_INTOPT(gateway_ports);
@ -1388,4 +1387,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
if (bad_options > 0) if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options", fatal("%s: terminating, %d bad configuration options",
filename, bad_options); filename, bad_options);
/* challenge-response is implemented via keyboard interactive */
if (options->challenge_response_authentication == 1)
options->kbd_interactive_authentication = 1;
} }
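Review bot: The relocated special case at the end of parse_server_config tests `options->challenge_response_authentication == 1`, so it fires only when the keyword was explicitly set to yes in the parsed file, whereas the check removed from do_authentication2 was a plain truth test on the final option value at authentication time. If unset options still hold their "not set" sentinel here and defaults are applied after parsing (presumably in fill_default_server_options, which this hunk does not show), a configuration that omits ChallengeResponseAuthentication would no longer get kbd_interactive_authentication switched on. That silently changes which authentication methods such a server offers. Consider applying the rule after defaults are filled in, or confirm the default case and record it with a comment such as `/* only an explicit "yes" is visible here; defaults are applied later */`. parse_server_config begins outside this hunk, so the ordering should be checked against its callers.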


@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.72 2007/02/19 10:45:58 dtucker Exp $ .\" $OpenBSD: sshd_config.5,v 1.73 2007/03/01 10:28:02 dtucker Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
@ -513,12 +513,11 @@ keyword.
Available keywords are Available keywords are
.Cm AllowTcpForwarding , .Cm AllowTcpForwarding ,
.Cm Banner , .Cm Banner ,
.Cm ChallengeResponseAuthentication ,
.Cm ForceCommand , .Cm ForceCommand ,
.Cm GatewayPorts , .Cm GatewayPorts ,
.Cm GSSApiAuthentication , .Cm GSSApiAuthentication ,
.Cm KerberosAuthentication , .Cm KerberosAuthentication ,
.Cm KeyboardInteractiveAuthentication , .Cm KbdInteractiveAuthentication ,
.Cm PasswordAuthentication , .Cm PasswordAuthentication ,
.Cm PermitOpen , .Cm PermitOpen ,
.Cm RhostsRSAAuthentication , .Cm RhostsRSAAuthentication ,