|
 |
674526 |
From 5b64f85bb811246c59ebab70aed331f26ba37b18 Mon Sep 17 00:00:00 2001
|
|
|
674526 |
From: "djm@openbsd.org" <djm@openbsd.org>
|
|
|
674526 |
Date: Sat, 18 Jul 2015 07:57:14 +0000
|
|
|
674526 |
Subject: upstream commit
|
|
|
674526 |
|
|
|
674526 |
only query each keyboard-interactive device once per
|
|
|
674526 |
authentication request regardless of how many times it is listed; ok markus@
|
|
|
674526 |
|
|
|
674526 |
Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
|
|
|
674526 |
---
|
|
|
674526 |
auth2-chall.c | 11 ++++++++---
|
|
|
674526 |
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
|
674526 |
|
|
|
674526 |
diff --git a/auth2-chall.c b/auth2-chall.c
|
|
|
674526 |
index ddabe1a..4aff09d 100644
|
|
|
674526 |
--- a/auth2-chall.c
|
|
|
674526 |
+++ b/auth2-chall.c
|
|
|
674526 |
@@ -83,6 +83,7 @@ struct KbdintAuthctxt
|
|
|
674526 |
void *ctxt;
|
|
|
674526 |
KbdintDevice *device;
|
|
|
674526 |
u_int nreq;
|
|
|
674526 |
+ u_int devices_done;
|
|
|
674526 |
};
|
|
|
674526 |
|
|
|
674526 |
#ifdef USE_PAM
|
|
|
674526 |
@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
|
|
|
674526 |
if (len == 0)
|
|
|
674526 |
break;
|
|
|
674526 |
for (i = 0; devices[i]; i++) {
|
|
|
674526 |
- if (!auth2_method_allowed(authctxt,
|
|
|
674526 |
+ if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
|
|
|
674526 |
+ !auth2_method_allowed(authctxt,
|
|
|
674526 |
"keyboard-interactive", devices[i]->name))
|
|
|
674526 |
continue;
|
|
|
674526 |
- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
|
|
|
674526 |
+ if (strncmp(kbdintctxt->devices, devices[i]->name,
|
|
|
674526 |
+ len) == 0) {
|
|
|
674526 |
kbdintctxt->device = devices[i];
|
|
|
674526 |
+ kbdintctxt->devices_done |= 1 << i;
|
|
|
674526 |
+ }
|
|
|
674526 |
}
|
|
|
674526 |
t = kbdintctxt->devices;
|
|
|
674526 |
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
|
|
|
674526 |
--
|
|
|
674526 |
cgit v0.11.2
|
|
|
674526 |
|
|
|
674526 |
|