Improve ssh_userauth_kbdint.

git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@643 7dcaeef0-15fb-0310-b436-a5af3365683c
2009-04-29 10:46:45 +00:00 · 2009-04-29 10:46:45 +00:00 · 634a2d20b8
--- a/libssh/auth.c
+++ b/libssh/auth.c
@ -1228,75 +1228,99 @@ error:
  return rc;
 }
-/** \brief Try to authenticate through the "keyboard-interactive" method
+/**
- * \param session ssh session
+ * @brief Try to authenticate through the "keyboard-interactive" method.
- * \param user username to authenticate. You can specify NULL if
+ *
- * ssh_option_set_username() has been used. You cannot try two different logins in a row.
+ * @param session       The ssh session to use.
- * \param submethods undocumented. Set it to NULL
+ *
- * \returns SSH_AUTH_ERROR : a serious error happened\n
+ * @param user          The username to authenticate. You can specify NULL if
- * SSH_AUTH_DENIED : Authentication failed : use another method\n
+ *                      ssh_option_set_username() has been used. You cannot try
- * SSH_AUTH_PARTIAL : You've been partially authenticated, you still have to use another method\n
+ *                      two different logins in a row.
- * SSH_AUTH_SUCCESS : Authentication success\n
+ *
- * SSH_AUTH_INFO : The server asked some questions. Use ssh_userauth_kbdint_getnprompts() and such.
+ * @param submethods    Undocumented. Set it to NULL.
- * \see ssh_userauth_kbdint_getnprompts()
+ *
- * \see ssh_userauth_kbdint_getname()
+ * @returns SSH_AUTH_ERROR:   A serious error happened\n
- * \see ssh_userauth_kbdint_getinstruction()
+ *          SSH_AUTH_DENIED:  Authentication failed : use another method\n
- * \see ssh_userauth_kbdint_getprompt()
+ *          SSH_AUTH_PARTIAL: You've been partially authenticated, you still
- * \see ssh_userauth_kbdint_setanswer()
+ *                            have to use another method\n
 *          SSH_AUTH_SUCCESS: Authentication success\n
 *          SSH_AUTH_INFO:    The server asked some questions. Use
 *                            ssh_userauth_kbdint_getnprompts() and such.
 *
 * @see ssh_userauth_kbdint_getnprompts()
 * @see ssh_userauth_kbdint_getname()
 * @see ssh_userauth_kbdint_getinstruction()
 * @see ssh_userauth_kbdint_getprompt()
 * @see ssh_userauth_kbdint_setanswer()
 */
 int ssh_userauth_kbdint(SSH_SESSION *session, const char *user,
    const char *submethods) {
  int rc = SSH_AUTH_ERROR;
  if (session->version == 1) {
    /* No keyb-interactive for ssh1 */
    return SSH_AUTH_DENIED;
  }
-/* the heart of the whole keyboard interactive login */
+  enter_function();
-int ssh_userauth_kbdint(SSH_SESSION *session, const char *user, const char *submethods){
+
-    int err;
+  if (session->kbdint == NULL) {
-    if(session->version==1)
+    /* first time we call. we must ask for a challenge */
-        return SSH_AUTH_DENIED; // no keyb-interactive for ssh1
+    if (user == NULL) {
-    enter_function();
+      if ((user = session->options->username) == NULL) {
-    if( !session->kbdint){
+        if (ssh_options_default_username(session->options) < 0) {
-        /* first time we call. we must ask for a challenge */
+          leave_function();
-        if(!user)
+          return SSH_AUTH_ERROR;
-            if(!(user=session->options->username)){
+        } else {
-                if(ssh_options_default_username(session->options)){
+          user = session->options->username;
                    leave_function();
                	return SSH_AUTH_ERROR;
                } else
                    user=session->options->username;
            }
        if(ask_userauth(session)){
            leave_function();
        	return SSH_AUTH_ERROR;
        }
-        err=kbdauth_init(session,user,submethods);
+      }
        if(err!=SSH_AUTH_INFO){
            leave_function();
        	return err; /* error or first try success */
        }
        err=kbdauth_info_get(session);
        if(err==SSH_AUTH_ERROR){
            kbdint_free(session->kbdint);
            session->kbdint=NULL;
        }
        leave_function();
        return err;
    }
-    /* if we are at this point, it's because session->kbdint exists */
+
-    /* it means the user has set some informations there we need to send *
+    if (ask_userauth(session)) {
-     * the server. and then we need to ack the status (new questions or ok *
+      leave_function();
-     * pass in */
+      return SSH_AUTH_ERROR;
    err=kbdauth_send(session);
    kbdint_free(session->kbdint);
    session->kbdint=NULL;
    if(err!=SSH_AUTH_INFO){
        leave_function();
    	return err;
    }
-    err=kbdauth_info_get(session);
+
-    if(err==SSH_AUTH_ERROR){
+    rc = kbdauth_init(session, user, submethods);
-        kbdint_free(session->kbdint);
+    if (rc != SSH_AUTH_INFO) {
-        session->kbdint=NULL;
+      leave_function();
      return rc; /* error or first try success */
    }
    rc = kbdauth_info_get(session);
    if (rc == SSH_AUTH_ERROR) {
      kbdint_free(session->kbdint);
      session->kbdint = NULL;
    }
    leave_function();
-    return err;
+    return rc;
  }
  /*
   * If we are at this point, it ss because session->kbdint exists.
   * It means the user has set some informations there we need to send
   * the server and then we need to ack the status (new questions or ok
   * pass in).
   */
  rc = kbdauth_send(session);
  kbdint_free(session->kbdint);
  session->kbdint = NULL;
  if(rc != SSH_AUTH_INFO) {
    leave_function();
    return rc;
  }
  rc = kbdauth_info_get(session);
  if (rc == SSH_AUTH_ERROR) {
    kbdint_free(session->kbdint);
    session->kbdint = NULL;
  }
  leave_function();
  return rc;
 }
 /** You have called ssh_userauth_kbdint() and got SSH_AUTH_INFO. this