- dtucker@cvs.openbsd.org 2005/01/19 13:11:47
     [auth-bsdauth.c auth2-chall.c]
     Have keyboard-interactive code call the drivers even for responses for
     invalid logins.  This allows the drivers themselves to decide how to
     handle them and prevent leaking information where possible.  Existing
     behaviour for bsdauth is maintained by checking authctxt->valid in the
     bsdauth driver.  Note that any third-party kbdint drivers will now need
     to be able to handle responses for invalid logins.  ok markus@
diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index 2ac27a7..920c977 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth-bsdauth.c,v 1.5 2002/06/30 21:59:45 deraadt Exp $");
+RCSID("$OpenBSD: auth-bsdauth.c,v 1.6 2005/01/19 13:11:47 dtucker Exp $");
 
 #ifdef BSD_AUTH
 #include "xmalloc.h"
@@ -83,6 +83,9 @@
 	Authctxt *authctxt = ctx;
 	int authok;
 
+	if (!authctxt->valid)
+		return -1;
+
 	if (authctxt->as == 0)
 		error("bsdauth_respond: no bsd auth session");
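Review bot: the new `if (!authctxt->valid) return -1;` at the top of bsdauth_respond has no comment, and it is the only thing in this driver that keeps the previous behaviour now that, per the commit message, the keyboard-interactive code passes responses for invalid logins through to the drivers. A one-line comment above the check, saying that responses for invalid users are rejected here on purpose, would stop a later cleanup from dropping it as redundant. The check also returns before the `authctxt->as == 0` test and everything after it, so an invalid login takes a shorter path through this function than a valid login with a wrong response. The commit message describes this as existing behaviour for bsdauth, but the comment should record that the early exit is deliberate, since the stated goal of the change is to let drivers avoid leaking whether a login is valid.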