- markus@cvs.openbsd.org 2001/05/18 14:13:29

[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] improved kbd-interactive support. work by per@appgate.com and me
2025-07-31 01:35:11 +02:00 · 2001-06-05 18:56:16 +00:00 · 2001-06-05 18:56:16 +00:00 · 551ea37576
commit 551ea37576
parent c4bcb7d9e3
13 changed files with 349 additions and 148 deletions
--- a/9
+++ b/9
@ -3,7 +3,12 @@
   - markus@cvs.openbsd.org 2001/05/17 21:34:15                                 
     [ssh.1]                                                                    
     no spaces in PreferredAuthentications; 
-     meixner@rbg.informatik.tu-darmstadt.de                                                                              
+     meixner@rbg.informatik.tu-darmstadt.de
   - markus@cvs.openbsd.org 2001/05/18 14:13:29
     [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c 
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me
 20010528
 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
   Patch by Corinna Vinschen <vinschen@redhat.com>
@ -5433,4 +5438,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1227 2001/06/05 18:39:10 mouring Exp $
+$Id: ChangeLog,v 1.1228 2001/06/05 18:56:16 mouring Exp $
--- a/auth-chall.c
+++ b/auth-chall.c
@ -23,82 +23,60 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.7 2001/04/05 10:42:47 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $");
 #include "auth.h"
 #include "log.h"
 #include "xmalloc.h"
 /* limited protocol v1 interface to kbd-interactive authentication */
 extern KbdintDevice *devices[];
 static KbdintDevice *device;
 #ifdef BSD_AUTH
 char *
-get_challenge(Authctxt *authctxt, char *devs)
+get_challenge(Authctxt *authctxt)
 {
-	char *challenge;
+	char *challenge, *name, *info, **prompts;
 	u_int i, numprompts;
 	u_int *echo_on;
-	if (authctxt->as != NULL) {
+	device = devices[0]; /* we always use the 1st device for protocol 1 */
-		debug2("try reuse session");
+	if (device == NULL)
-		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
+		return NULL;
-		if (challenge != NULL) {
+	if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL)
-			debug2("reuse bsd auth session");
+		return NULL;
-			return challenge;
+	if (device->query(authctxt->kbdintctxt, &name, &info,
-		}
+	    &numprompts, &prompts, &echo_on)) {
-		auth_close(authctxt->as);
+		device->free_ctx(authctxt->kbdintctxt);
-		authctxt->as = NULL;
+		authctxt->kbdintctxt = NULL;
 		return NULL;
 	}
-	debug2("new bsd auth session");
+	if (numprompts < 1)
-	if (devs == NULL || strlen(devs) == 0)
+		fatal("get_challenge: numprompts < 1");
-		devs = authctxt->style;
+	challenge = xstrdup(prompts[0]);
-	debug3("bsd auth: devs %s", devs ? devs : "<default>");
+	for (i = 0; i < numprompts; i++)
-	authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh",
+		xfree(prompts[i]);
-	    &challenge);
+	xfree(prompts);
-	if (authctxt->as == NULL)
+	xfree(name);
-		return NULL;
+	xfree(echo_on);
-	debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY");
+	xfree(info);
 	return challenge;
 }
 int
 verify_response(Authctxt *authctxt, char *response)
 {
 	int authok;
-	if (authctxt->as == 0)
+	return (challenge);
 		error("verify_response: no bsd auth session");
 	authok = auth_userresponse(authctxt->as, response, 0);
 	authctxt->as = NULL;
 	debug("verify_response: <%s> = <%d>", response, authok);
 	return authok != 0;
 }
-#else
+int
-#ifdef SKEY
+verify_response(Authctxt *authctxt, const char *response)
-#include <skey.h>
+{
 	char *resp[1];
 	int res;
-char *
+	if (device == NULL)
-get_challenge(Authctxt *authctxt, char *devs)
+		return 0;
-{
+	if (authctxt->kbdintctxt == NULL)
-	static char challenge[1024];
+		return 0;
-	struct skey skey;
+	resp[0] = (char *)response;
-	if (skeychallenge(&skey, authctxt->user, challenge) == -1)
+	res = device->respond(authctxt->kbdintctxt, 1, resp);
-		return NULL;
+	device->free_ctx(authctxt->kbdintctxt);
-	strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
+	authctxt->kbdintctxt = NULL;
-	return challenge;
+	return res ? 0 : 1;
 }
 int
 verify_response(Authctxt *authctxt, char *response)
 {
 	return (authctxt->valid &&
 	    skey_haskey(authctxt->pw->pw_name) == 0 &&
 	    skey_passcheck(authctxt->pw->pw_name, response) != -1);
 }
 #else
 /* not available */
 char *
 get_challenge(Authctxt *authctxt, char *devs)
 {
 	return NULL;
 }
 int
 verify_response(Authctxt *authctxt, char *response)
 {
 	return 0;
 }
 #endif
 #endif
--- a/auth.h
+++ b/auth.h
@ -21,7 +21,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * $OpenBSD: auth.h,v 1.15 2001/04/12 19:15:24 markus Exp $
+ * $OpenBSD: auth.h,v 1.16 2001/05/18 14:13:28 markus Exp $
 */
 #ifndef AUTH_H
 #define AUTH_H
@ -36,6 +36,8 @@
 #endif
 typedef struct Authctxt Authctxt;
 typedef struct KbdintDevice KbdintDevice;
 struct Authctxt {
 	int success;
 	int postponed;
@ -46,11 +48,30 @@ struct Authctxt {
 	char *service;
 	struct passwd *pw;
 	char *style;
 	void *kbdintctxt;
 #ifdef BSD_AUTH
 	auth_session_t *as;
 #endif
 };
 /*
 * Keyboard interactive device:
 * init_ctx	returns: non NULL upon success 
 * query	returns: 0 - success, otherwise failure 
 * respond	returns: 0 - success, 1 - need further interaction,
 *		otherwise - failure
 */
 struct KbdintDevice
 {
 	const char *name;
 	void*	(*init_ctx)	__P((Authctxt*));
 	int	(*query)	__P((void *ctx, char **name, char **infotxt,
 				u_int *numprompts, char ***prompts,
 				u_int **echo_on));
 	int	(*respond)	__P((void *ctx, u_int numresp, char **responses));
 	void	(*free_ctx)	__P((void *ctx));
 };
 /*
 * Tries to authenticate the user using the .rhosts file.  Returns true if
 * authentication succeeds.  If ignore_rhosts is non-zero, this will not
@ -133,8 +154,8 @@ int	auth2_challenge(Authctxt *authctxt, char *devs);
 int	allowed_user(struct passwd * pw);
-char	*get_challenge(Authctxt *authctxt, char *devs);
+char	*get_challenge(Authctxt *authctxt);
-int	verify_response(Authctxt *authctxt, char *response);
+int	verify_response(Authctxt *authctxt, const char *response);
 struct passwd * auth_get_user(void);
--- a/auth1.c
+++ b/auth1.c
@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.22 2001/03/23 12:02:49 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.23 2001/05/18 14:13:28 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@ -271,12 +271,13 @@ do_authloop(Authctxt *authctxt)
 		case SSH_CMSG_AUTH_TIS:
 			debug("rcvd SSH_CMSG_AUTH_TIS");
-			if (options.challenge_reponse_authentication == 1) {
+			if (options.challenge_response_authentication == 1) {
-				char *challenge = get_challenge(authctxt, authctxt->style);
+				char *challenge = get_challenge(authctxt);
 				if (challenge != NULL) {
 					debug("sending challenge '%s'", challenge);
 					packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
 					packet_put_cstring(challenge);
 					xfree(challenge);
 					packet_send();
 					packet_write_wait();
 					continue;
@ -285,7 +286,7 @@ do_authloop(Authctxt *authctxt)
 			break;
 		case SSH_CMSG_AUTH_TIS_RESPONSE:
 			debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
-			if (options.challenge_reponse_authentication == 1) {
+			if (options.challenge_response_authentication == 1) {
 				char *response = packet_get_string(&dlen);
 				debug("got response '%s'", response);
 				packet_integrity_check(plen, 4 + dlen, type);
--- a/auth2-chall.c
+++ b/auth2-chall.c
@ -1,5 +1,6 @@
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 * Copyright (c) 2001 Per Allansson.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -22,91 +23,285 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.4 2001/03/28 22:43:31 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.5 2001/05/18 14:13:28 markus Exp $");
 #include "ssh2.h"
 #include "auth.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "dispatch.h"
 #include "auth.h"
 #include "log.h"
-void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo);
+static int auth2_challenge_start(Authctxt *authctxt);
-void input_userauth_info_response(int type, int plen, void *ctxt);
+static int send_userauth_info_request(Authctxt *authctxt);
 static void input_userauth_info_response(int type, int plen, void *ctxt);
 #ifdef BSD_AUTH
 extern KbdintDevice bsdauth_device;
 #else
 #ifdef SKEY
 extern KbdintDevice skey_device;
 #endif
 #endif
 KbdintDevice *devices[] = {
 #ifdef BSD_AUTH
 	&bsdauth_device,
 #else
 #ifdef SKEY
 	&skey_device,
 #endif
 #endif
 	NULL
 };
 typedef struct KbdintAuthctxt KbdintAuthctxt;
 struct KbdintAuthctxt
 {
 	char *devices;
 	void *ctxt;
 	KbdintDevice *device;
 };
 KbdintAuthctxt *
 kbdint_alloc(const char *devs)
 {
 	KbdintAuthctxt *kbdintctxt;
 	int i;
 	char buf[1024];
 	kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
 	if (strcmp(devs, "") == 0) {
 		buf[0] = '\0';
 		for (i = 0; devices[i]; i++) {
 			if (i != 0)
 				strlcat(buf, ",", sizeof(buf));
 			strlcat(buf, devices[i]->name, sizeof(buf));
 		}
 		debug("kbdint_alloc: devices '%s'", buf);
 		kbdintctxt->devices = xstrdup(buf);
 	} else {
 		kbdintctxt->devices = xstrdup(devs);
 	}
 	kbdintctxt->ctxt = NULL;
 	kbdintctxt->device = NULL;
 	return kbdintctxt;
 }
 void
 kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
 {
 	if (kbdintctxt->ctxt) {
 		kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
 		kbdintctxt->ctxt = NULL;
 	}
 	kbdintctxt->device = NULL;
 }
 void
 kbdint_free(KbdintAuthctxt *kbdintctxt)
 {
 	if (kbdintctxt->device)
 		kbdint_reset_device(kbdintctxt);
 	if (kbdintctxt->devices) {
 		xfree(kbdintctxt->devices);
 		kbdintctxt->devices = NULL;
 	}
 	xfree(kbdintctxt);
 }
 /* get next device */
 int
 kbdint_next_device(KbdintAuthctxt *kbdintctxt)
 {
 	size_t len;
 	char *t;
 	int i;
 	if (kbdintctxt->device)
 		kbdint_reset_device(kbdintctxt);
 	do {
 		len = kbdintctxt->devices ?
 		    strcspn(kbdintctxt->devices, ",") : 0;
 		if (len == 0)
 			break;
 		for (i = 0; devices[i]; i++)
 			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
 				kbdintctxt->device = devices[i];
 		t = kbdintctxt->devices;
 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
 		xfree(t);
 		debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
 		   kbdintctxt->devices : "<empty>");
 	} while (kbdintctxt->devices && !kbdintctxt->device);
 	return kbdintctxt->device ? 1 : 0;
 }
 /*
- * try challenge-reponse, return -1 (= postponed) if we have to
+ * try challenge-reponse, set authctxt->postponed if we have to
 * wait for the response.
 */
 int
 auth2_challenge(Authctxt *authctxt, char *devs)
 {
-	char *challenge;
+	debug("auth2_challenge: user=%s devs=%s",
 	    authctxt->user ? authctxt->user : "<nouser>",
 	    devs ? devs : "<no devs>");
-	if (!authctxt->valid || authctxt->user == NULL)
+	if (!authctxt->valid || authctxt->user == NULL || !devs)
 		return 0;
-	if ((challenge = get_challenge(authctxt, devs)) == NULL)
+	if (authctxt->kbdintctxt == NULL) 
 		authctxt->kbdintctxt = kbdint_alloc(devs);
 	return auth2_challenge_start(authctxt);
 }
 /* side effect: sets authctxt->postponed if a reply was sent*/
 static int
 auth2_challenge_start(Authctxt *authctxt)
 {
 	KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
 	debug2("auth2_challenge_start: devices %s",
 	    kbdintctxt->devices ?  kbdintctxt->devices : "<empty>");
 	if (kbdint_next_device(kbdintctxt) == 0) {
 		kbdint_free(kbdintctxt);
 		authctxt->kbdintctxt = NULL;
 		return 0;
-	send_userauth_into_request(authctxt, challenge, 0);
+	}
 	debug("auth2_challenge_start: trying authentication method '%s'",
 	    kbdintctxt->device->name);
 	if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
 		kbdint_free(kbdintctxt);
 		authctxt->kbdintctxt = NULL;
 		return 0;
 	}
 	if (send_userauth_info_request(authctxt) == 0) {
 		kbdint_free(kbdintctxt);
 		authctxt->kbdintctxt = NULL;
 		return 0;
 	}
 	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
 	    &input_userauth_info_response);
 	authctxt->postponed = 1;
 	return 0;
 }
-void
+static int
-send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo)
+send_userauth_info_request(Authctxt *authctxt)
 {
-	int nprompts = 1;
+	KbdintAuthctxt *kbdintctxt;
 	char *name, *instr, **prompts;
 	int i;
 	u_int numprompts, *echo_on;
 	kbdintctxt = authctxt->kbdintctxt;
 	if (kbdintctxt->device->query(kbdintctxt->ctxt,
 	    &name, &instr, &numprompts, &prompts, &echo_on))
 		return 0;
 	packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
-	/* name, instruction and language are unused */
+	packet_put_cstring(name);
-	packet_put_cstring("");
+	packet_put_cstring(instr);
-	packet_put_cstring("");
+	packet_put_cstring(""); 	/* language not used */
-	packet_put_cstring("");
+	packet_put_int(numprompts);
-	packet_put_int(nprompts);
+	for (i = 0; i < numprompts; i++) {
-	packet_put_cstring(challenge);
+		packet_put_cstring(prompts[i]);
-	packet_put_char(echo);
+		packet_put_char(echo_on[i]);
 	}
 	packet_send();
 	packet_write_wait();
 	for (i = 0; i < numprompts; i++)
 		xfree(prompts[i]);
 	xfree(prompts);
 	xfree(echo_on);
 	xfree(name);
 	xfree(instr);
 	return 1;
 }
-void
+static void
 input_userauth_info_response(int type, int plen, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
-	int authenticated = 0;
+	KbdintAuthctxt *kbdintctxt;
-	u_int nresp, rlen;
+	int i, authenticated = 0, res, len;
-	char *response, *method = "challenge-reponse";
+	u_int nresp;
 	char **response = NULL, *method;
 	if (authctxt == NULL)
 		fatal("input_userauth_info_response: no authctxt");
 	kbdintctxt = authctxt->kbdintctxt;
 	if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
 		fatal("input_userauth_info_response: no kbdintctxt");
 	if (kbdintctxt->device == NULL)
 		fatal("input_userauth_info_response: no device");
 	authctxt->postponed = 0;	/* reset */
 	nresp = packet_get_int();
-	if (nresp == 1) {
+	if (nresp > 0) {
-		response = packet_get_string(&rlen);
+		response = xmalloc(nresp * sizeof(char*));
-		packet_done();
+		for (i = 0; i < nresp; i++)
-		if (strlen(response) == 0) {
+			response[i] = packet_get_string(NULL);
 			/*
 			 * if we received an empty response, resend challenge
 			 * with echo enabled
 			 */
 			char *challenge = get_challenge(authctxt, NULL);
 			if (challenge != NULL) {
 				send_userauth_into_request(authctxt,
 				    challenge, 1);
 				authctxt->postponed = 1;
 			}
 		} else if (authctxt->valid) {
 			authenticated = verify_response(authctxt, response);
 			memset(response, 'r', rlen);
 		}
 		xfree(response);
 	}
-	/* unregister callback */
+	packet_done();
-	if (!authctxt->postponed)
+
 	if (authctxt->valid) {
 		res = kbdintctxt->device->respond(kbdintctxt->ctxt,
 		    nresp, response);
 	} else {
 		res = -1;
 	}
 	for (i = 0; i < nresp; i++) {
 		memset(response[i], 'r', strlen(response[i]));
 		xfree(response[i]);
 	}
 	if (response)
 		xfree(response);
 	switch (res) {
 	case 0:
 		/* Success! */
 		authenticated = 1;
 		break;
 	case 1:
 		/* Authentication needs further interaction */
 		authctxt->postponed = 1;
 		if (send_userauth_info_request(authctxt) == 0) {
 			authctxt->postponed = 0;
 		}
 		break;
 	default:
 		/* Failure! */
 		break;
 	}
 	len = strlen("keyboard-interactive") + 2 +
 		strlen(kbdintctxt->device->name);
 	method = xmalloc(len);
 	method[0] = '\0';
 	strlcat(method, "keyboard-interactive", len);
 	strlcat(method, "/", len);
 	strlcat(method, kbdintctxt->device->name, len);
 	if (!authctxt->postponed) {
 		/* unregister callback */
 		dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
 		if (authenticated) {
 			kbdint_free(kbdintctxt);
 			authctxt->kbdintctxt = NULL;
 		} else {
 			/* start next device */
 			/* may set authctxt->postponed */
 			auth2_challenge_start(authctxt);
 		}
 	}
 	userauth_finish(authctxt, authenticated, method);
 	xfree(method);
 }
--- a/auth2.c
+++ b/auth2.c
@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.56 2001/04/19 00:05:11 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.57 2001/05/18 14:13:28 markus Exp $");
 #include <openssl/evp.h>
@ -51,6 +51,7 @@ RCSID("$OpenBSD: auth2.c,v 1.56 2001/04/19 00:05:11 markus Exp $");
 #include "hostfile.h"
 #include "canohost.h"
 #include "tildexpand.h"
 #include "match.h"
 /* import */
 extern ServerOptions options;
@ -125,7 +126,7 @@ do_authentication2()
 	x_authctxt = authctxt;		/*XXX*/
 	/* challenge-reponse is implemented via keyboard interactive */
-	if (options.challenge_reponse_authentication)
+	if (options.challenge_response_authentication)
 		options.kbd_interactive_authentication = 1;
 	if (options.pam_authentication_via_kbd_int)
 		options.kbd_interactive_authentication = 1;
@ -400,24 +401,23 @@ int
 userauth_kbdint(Authctxt *authctxt)
 {
 	int authenticated = 0;
-	char *lang = NULL;
+	char *lang, *devs;
 	char *devs = NULL;
 	lang = packet_get_string(NULL);
 	devs = packet_get_string(NULL);
 	packet_done();
-	debug("keyboard-interactive language %s devs %s", lang, devs);
+	debug("keyboard-interactive devs %s", devs);
-	if (options.challenge_reponse_authentication)
+	if (options.challenge_response_authentication)
 		authenticated = auth2_challenge(authctxt, devs);
 #ifdef USE_PAM
 	if (authenticated == 0 && options.pam_authentication_via_kbd_int)
 		authenticated = auth2_pam(authctxt);
 #endif
 	xfree(lang);
 	xfree(devs);
 	xfree(lang);
 #ifdef HAVE_CYGWIN
 	if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
 		return(0);
--- a/readconf.c
+++ b/readconf.c
@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.77 2001/04/30 11:18:51 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.78 2001/05/18 14:13:28 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@ -333,7 +333,7 @@ parse_flag:
 		goto parse_flag;
 	case oChallengeResponseAuthentication:
-		intptr = &options->challenge_reponse_authentication;
+		intptr = &options->challenge_response_authentication;
 		goto parse_flag;
 #ifdef KRB4
@ -723,7 +723,7 @@ initialize_options(Options * options)
 	options->rhosts_authentication = -1;
 	options->rsa_authentication = -1;
 	options->pubkey_authentication = -1;
-	options->challenge_reponse_authentication = -1;
+	options->challenge_response_authentication = -1;
 #ifdef KRB4
 	options->kerberos_authentication = -1;
 #endif
@ -797,8 +797,8 @@ fill_default_options(Options * options)
 		options->rsa_authentication = 1;
 	if (options->pubkey_authentication == -1)
 		options->pubkey_authentication = 1;
-	if (options->challenge_reponse_authentication == -1)
+	if (options->challenge_response_authentication == -1)
-		options->challenge_reponse_authentication = 0;
+		options->challenge_response_authentication = 0;
 #ifdef KRB4
 	if (options->kerberos_authentication == -1)
 		options->kerberos_authentication = 1;
--- a/readconf.h
+++ b/readconf.h
@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: readconf.h,v 1.31 2001/04/30 11:18:52 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.32 2001/05/18 14:13:29 markus Exp $"); */
 #ifndef READCONF_H
 #define READCONF_H
@ -39,7 +39,7 @@ typedef struct {
 	int     rsa_authentication;	/* Try RSA authentication. */
 	int     pubkey_authentication;	/* Try ssh2 pubkey authentication. */
 	int     hostbased_authentication;	/* ssh2's rhosts_rsa */
-	int     challenge_reponse_authentication;
+	int     challenge_response_authentication;
 					/* Try S/Key or TIS, authentication. */
 #ifdef KRB4
 	int     kerberos_authentication;	/* Try Kerberos
--- a/servconf.c
+++ b/servconf.c
@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.79 2001/05/03 21:43:01 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.80 2001/05/18 14:13:29 markus Exp $");
 #ifdef KRB4
 #include <krb.h>
@ -81,7 +81,7 @@ initialize_server_options(ServerOptions *options)
 #endif
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
-	options->challenge_reponse_authentication = -1;
+	options->challenge_response_authentication = -1;
 	options->permit_empty_passwd = -1;
 	options->use_login = -1;
 	options->allow_tcp_forwarding = -1;
@ -186,8 +186,8 @@ fill_default_server_options(ServerOptions *options)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
 		options->kbd_interactive_authentication = 0;
-	if (options->challenge_reponse_authentication == -1)
+	if (options->challenge_response_authentication == -1)
-		options->challenge_reponse_authentication = 1;
+		options->challenge_response_authentication = 1;
 	if (options->permit_empty_passwd == -1)
 		options->permit_empty_passwd = 0;
 	if (options->use_login == -1)
@ -603,7 +603,7 @@ parse_flag:
 			goto parse_flag;
 		case sChallengeResponseAuthentication:
-			intptr = &options->challenge_reponse_authentication;
+			intptr = &options->challenge_response_authentication;
 			goto parse_flag;
 		case sPrintMotd:
--- a/servconf.h
+++ b/servconf.h
@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: servconf.h,v 1.41 2001/04/13 22:46:53 beck Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.42 2001/05/18 14:13:29 markus Exp $"); */
 #ifndef SERVCONF_H
 #define SERVCONF_H
@ -92,7 +92,7 @@ typedef struct {
 	int     password_authentication;	/* If true, permit password
 						 * authentication. */
 	int     kbd_interactive_authentication;	/* If true, permit */
-	int     challenge_reponse_authentication;
+	int     challenge_response_authentication;
 	int     permit_empty_passwd;	/* If false, do not permit empty
 					 * passwords. */
 	int     use_login;	/* If true, login(1) is used */
--- a/sshconnect1.c
+++ b/sshconnect1.c
@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.31 2001/04/17 08:14:01 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.32 2001/05/18 14:13:29 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@ -616,7 +616,7 @@ send_afs_tokens(void)
 * Note that the client code is not tied to s/key or TIS.
 */
 int
-try_challenge_reponse_authentication(void)
+try_challenge_response_authentication(void)
 {
 	int type, i;
 	int payload_len;
@ -1024,8 +1024,8 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
 	}
 	/* Try challenge response authentication if the server supports it. */
 	if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
-	    options.challenge_reponse_authentication && !options.batch_mode) {
+	    options.challenge_response_authentication && !options.batch_mode) {
-		if (try_challenge_reponse_authentication())
+		if (try_challenge_response_authentication())
 			return;
 	}
 	/* Try password authentication if the server supports it. */
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.72 2001/04/18 23:43:26 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.73 2001/05/18 14:13:29 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@ -229,7 +229,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 	int type;
 	int plen;
-	if (options.challenge_reponse_authentication)
+	if (options.challenge_response_authentication)
 		options.kbd_interactive_authentication = 1;
 	debug("send SSH2_MSG_SERVICE_REQUEST");
@ -787,6 +787,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
 	packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
 	packet_put_int(num_prompts);
 	debug2("input_userauth_info_req: num_prompts %d", num_prompts);
 	for (i = 0; i < num_prompts; i++) {
 		prompt = packet_get_string(NULL);
 		echo = packet_get_char();
--- a/sshd.c
+++ b/sshd.c
@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.195 2001/04/15 16:58:03 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.196 2001/05/18 14:13:29 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@ -1265,7 +1265,7 @@ do_ssh1_kex(void)
 	if (options.afs_token_passing)
 		auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
 #endif
-	if (options.challenge_reponse_authentication == 1)
+	if (options.challenge_response_authentication == 1)
 		auth_mask |= 1 << SSH_AUTH_TIS;
 	if (options.password_authentication)
 		auth_mask |= 1 << SSH_AUTH_PASSWORD;