diff cli-auth.c @ 45:9ee8996a375f

Pubkey auth is mostly there for the client. Something strange with remote hostkey verification though.
author Matt Johnston <matt@ucc.asn.au>
date Tue, 03 Aug 2004 17:26:56 +0000
parents 942b22d7dd1c
children eee77ac31ccc
line wrap: on
line diff
--- a/cli-auth.c	Tue Aug 03 15:51:55 2004 +0000
+++ b/cli-auth.c	Tue Aug 03 17:26:56 2004 +0000
@@ -7,7 +7,6 @@
 #include "packet.h"
 #include "runopts.h"
 
-#undef DROPBEAR_PUBKEY_AUTH
 
 void cli_authinitialise() {
 
@@ -30,7 +29,6 @@
 	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
 
 	encrypt_packet();
-	cli_ses.state = USERAUTH_METHODS_SENT;
 	TRACE(("leave cli_auth_getmethods"));
 
 }
@@ -88,6 +86,20 @@
 	TRACE(("<- MSG_USERAUTH_FAILURE"));
 	TRACE(("enter recv_msg_userauth_failure"));
 
+	if (cli_ses.state != USERAUTH_REQ_SENT) {
+		/* Perhaps we should be more fatal? */
+		TRACE(("But we didn't send a userauth request!!!!!!"));
+		return;
+	}
+
+#ifdef DROPBEAR_PUBKEY_AUTH
+	/* If it was a pubkey auth request, we should cross that key 
+	 * off the list. */
+	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
+		cli_pubkeyfail();
+	}
+#endif
+
 	methods = buf_getstring(ses.payload, &methlen);
 
 	partial = buf_getbyte(ses.payload);
@@ -154,12 +166,14 @@
 #ifdef DROPBEAR_PUBKEY_AUTH
 	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
 		finished = cli_auth_pubkey();
+		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
 	}
 #endif
 
 #ifdef DROPBEAR_PASSWORD_AUTH
 	if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
 		finished = cli_auth_password();
+		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
 	}
 #endif
 
@@ -167,6 +181,5 @@
 		dropbear_exit("No auth methods could be used.");
 	}
 
-	cli_ses.state = USERAUTH_REQ_SENT;
 	TRACE(("leave cli_auth_try"));
 }