Overview

File 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch of Package openssh

From 7c116ef927a8ef14d09065757f75560fa0ab79d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= <mail@3v1n0.net>
Date: Tue, 17 Oct 2023 04:04:13 +0200
Subject: [PATCH 1/6] auth: Add KbdintResult definition to define result values
 explicitly

kbdint result vfunc may return various values, so use an enum to make it
clearer what each result means without having to dig into the struct
documentation.
---
 auth-bsdauth.c |  2 +-
 auth-pam.c     | 10 +++++-----
 auth.h         |  5 +++++
 auth2-chall.c  |  4 ++--
 4 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index d124e994e77..ca41735debb 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -111,7 +111,7 @@ bsdauth_respond(void *ctx, u_int numresponses, char **responses)
 	authctxt->as = NULL;
 	debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
 
-	return (authok == 0) ? -1 : 0;
+	return (authok == 0) ? KbdintResultFailure : KbdintResultSuccess;
 }
 
 static void
diff --git a/auth-pam.c b/auth-pam.c
index b49d415e7c7..86137a1acdb 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -990,15 +990,15 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 	switch (ctxt->pam_done) {
 	case 1:
 		sshpam_authenticated = 1;
-		return (0);
+		return KbdintResultSuccess;
 	case 0:
 		break;
 	default:
-		return (-1);
+		return KbdintResultFailure;
 	}
 	if (num != 1) {
 		error("PAM: expected one response, got %u", num);
-		return (-1);
+		return KbdintResultFailure;
 	}
 	if ((buffer = sshbuf_new()) == NULL)
 		fatal_f("sshbuf_new failed");
@@ -1015,10 +1015,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 	}
 	if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, buffer) == -1) {
 		sshbuf_free(buffer);
-		return (-1);
+		return KbdintResultFailure;
 	}
 	sshbuf_free(buffer);
-	return (1);
+	return KbdintResultAgain;
 }
 
 static void
diff --git a/auth.h b/auth.h
index 6d2d3976234..aac1e92d9cd 100644
--- a/auth.h
+++ b/auth.h
@@ -51,6 +51,7 @@ struct sshauthopt;
 typedef struct Authctxt Authctxt;
 typedef struct Authmethod Authmethod;
 typedef struct KbdintDevice KbdintDevice;
+typedef int KbdintResult;
 
 struct Authctxt {
 	sig_atomic_t	 success;
@@ -111,6 +112,10 @@ struct Authmethod {
# 	int	*enabled;
 	int	(*userauth)(struct ssh *, const char *);
 };
 
+#define KbdintResultFailure -1
+#define KbdintResultSuccess 0
+#define KbdintResultAgain 1
+
 /*
  * Keyboard interactive device:
  * init_ctx	returns: non NULL upon success
diff --git a/auth2-chall.c b/auth2-chall.c
index 021df829173..047d4e83c33 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -331,11 +331,11 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
 	free(response);
 
 	switch (res) {
-	case 0:
+	case KbdintResultSuccess:
 		/* Success! */
 		authenticated = authctxt->valid ? 1 : 0;
 		break;
-	case 1:
+	case KbdintResultAgain:
 		/* Authentication needs further interaction */
 		if (send_userauth_info_request(ssh) == 1)
 			authctxt->postponed = 1;
openSUSE Build Service is sponsored by
Places