Simon points out that r5068 broke keyboard-interactive with multiple

[PuTTY.git] / ssh.c

diff --git a/ssh.c b/ssh.c
index 63ea66a42088176e73c3fe92fdde7908c3d6045c..736c1fb1d653bf32edfef4dbe8fd2fb686c2a0e8 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -2834,8 +2834,11 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
        }
 
        /* Warn about chosen cipher if necessary. */
-       if (warn)
+       if (warn) {
+            sk_set_frozen(ssh->s, 1);
            askalg(ssh->frontend, "cipher", cipher_string);
+            sk_set_frozen(ssh->s, 0);
+        }
     }
 
     switch (s->cipher_type) {
@@ -4889,9 +4892,12 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
                ssh->kex = k;
            }
            if (ssh->kex) {
-               if (s->warn)
+               if (s->warn) {
+                    sk_set_frozen(ssh->s, 1);
                    askalg(ssh->frontend, "key-exchange algorithm",
                           ssh->kex->name);
+                    sk_set_frozen(ssh->s, 0);
+                }
                break;
            }
        }
@@ -4922,9 +4928,12 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
                }
            }
            if (s->cscipher_tobe) {
-               if (s->warn)
+               if (s->warn) {
+                    sk_set_frozen(ssh->s, 1);
                    askalg(ssh->frontend, "client-to-server cipher",
                           s->cscipher_tobe->name);
+                    sk_set_frozen(ssh->s, 0);
+                }
                break;
            }
        }
@@ -4949,9 +4958,12 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
                }
            }
            if (s->sccipher_tobe) {
-               if (s->warn)
+               if (s->warn) {
+                    sk_set_frozen(ssh->s, 1);
                    askalg(ssh->frontend, "server-to-client cipher",
                           s->sccipher_tobe->name);
+                    sk_set_frozen(ssh->s, 0);
+                }
                break;
            }
        }
@@ -5108,9 +5120,11 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
      */
     s->keystr = ssh->hostkey->fmtkey(s->hkey);
     s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
+    sk_set_frozen(ssh->s, 1);
     verify_ssh_host_key(ssh->frontend,
                        ssh->savedhost, ssh->savedport, ssh->hostkey->keytype,
                        s->keystr, s->fingerprint);
+    sk_set_frozen(ssh->s, 0);
     if (!s->got_session_id) {     /* don't bother logging this in rekeys */
        logevent("Host key fingerprint is:");
        logevent(s->fingerprint);
@@ -6119,6 +6133,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
                 */
                if (!s->gotit)
                    s->curr_prompt = 0;
+           } else if (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
+               /* FIXME: perhaps we should support this? */
+               bombout(("PASSWD_CHANGEREQ not yet supported"));
+               crStopV;
            } else if (pktin->type != SSH2_MSG_USERAUTH_FAILURE) {
                bombout(("Strange packet received during authentication: type %d",
                         pktin->type));
@@ -6443,7 +6461,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
                }
            }
 
-           if (!s->method && s->can_keyb_inter && !s->kbd_inter_refused) {
+           if (!s->method && s->can_keyb_inter && !s->kbd_inter_refused &&
+               !s->kbd_inter_running) {
                s->method = AUTH_KEYBOARD_INTERACTIVE;
                s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;