- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with proper challenge-response module

commit: 4f9f42a9bb6a6aa8f6100d873dc6344f2f9994de [log] [tgz]
author: Damien Miller <djm@mindrot.org> Sat May 10 19:28:02 2003 +1000
committer: Damien Miller <djm@mindrot.org> Sat May 10 19:28:02 2003 +1000
tree: f81c39146e1cfabb4b198f57f60453b2dcaac299
parent: c437cda328b4733b59a7ed028b72e6b7f58f86e6 [diff] [blame]
diff --git a/auth1.c b/auth1.c
index e7d744f..5086a47 100644
--- a/auth1.c
+++ b/auth1.c

@@ -73,7 +73,7 @@
 	char info[1024];
 	u_int dlen;
 	u_int ulen;
-	int type = 0;
+	int prev, type = 0;
 	struct passwd *pw = authctxt->pw;
 
 	debug("Attempting authentication for %s%.100s.",
@@ -103,8 +103,20 @@
 		info[0] = '\0';
 
 		/* Get a packet from the client. */
+		prev = type;
 		type = packet_read();
 
+		/*
+		 * If we started challenge-response authentication but the
+		 * next packet is not a response to our challenge, release
+		 * the resources allocated by get_challenge() (which would
+		 * normally have been released by verify_response() had we
+		 * received such a response)
+		 */
+		if (prev == SSH_CMSG_AUTH_TIS &&
+		    type != SSH_CMSG_AUTH_TIS_RESPONSE)
+			abandon_challenge_response(authctxt);
+
 		/* Process the packet. */
 		switch (type) {
commit	4f9f42a9bb6a6aa8f6100d873dc6344f2f9994de	[log] [tgz]
author	Damien Miller <djm@mindrot.org>	Sat May 10 19:28:02 2003 +1000
committer	Damien Miller <djm@mindrot.org>	Sat May 10 19:28:02 2003 +1000
tree	f81c39146e1cfabb4b198f57f60453b2dcaac299
parent	c437cda328b4733b59a7ed028b72e6b7f58f86e6 [diff] [blame]