summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshd.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/ssh/sshd.c')
-rw-r--r--usr.bin/ssh/sshd.c34
1 files changed, 19 insertions, 15 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index e1d806546a3..a1229676045 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.72 1999/12/08 04:36:41 deraadt Exp $");
+RCSID("$Id: sshd.c,v 1.73 1999/12/08 23:59:12 markus Exp $");
#include <poll.h>
@@ -803,7 +803,7 @@ do_connection()
unsigned char check_bytes[8];
char *user;
unsigned int cipher_type, auth_mask, protocol_flags;
- int plen, slen;
+ int plen, slen, ulen;
u_int32_t rand = 0;
/*
@@ -982,11 +982,8 @@ do_connection()
packet_read_expect(&plen, SSH_CMSG_USER);
/* Get the user name. */
- {
- int ulen;
- user = packet_get_string(&ulen);
- packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
- }
+ user = packet_get_string(&ulen);
+ packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
/* Destroy the private and public keys. They will no longer be needed. */
RSA_free(public_key);
@@ -1431,15 +1428,22 @@ do_fake_authloop(char *user)
#ifdef SKEY
int dlen;
char *password, *skeyinfo;
- if (options.password_authentication &&
- options.skey_authentication == 1 &&
- type == SSH_CMSG_AUTH_PASSWORD &&
- (password = packet_get_string(&dlen)) != NULL &&
- dlen == 5 &&
- strncasecmp(password, "s/key", 5) == 0 &&
+ /* Try to send a fake s/key challenge. */
+ if (options.skey_authentication == 1 &&
(skeyinfo = skey_fake_keyinfo(user)) != NULL) {
- /* Send a fake s/key challenge. */
- packet_send_debug(skeyinfo);
+ if (type == SSH_CMSG_AUTH_TIS) {
+ packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
+ packet_put_string(skeyinfo, strlen(skeyinfo));
+ packet_send();
+ packet_write_wait();
+ continue;
+ } else if (type == SSH_CMSG_AUTH_PASSWORD &&
+ options.password_authentication &&
+ (password = packet_get_string(&dlen)) != NULL &&
+ dlen == 5 &&
+ strncasecmp(password, "s/key", 5) == 0 ) {
+ packet_send_debug(skeyinfo);
+ }
}
#endif
if (attempt > AUTH_FAIL_MAX)