D'oh! Putting keyboard-interactive authentication _before_ publickey
authorsimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Tue, 28 Aug 2001 08:43:33 +0000 (08:43 +0000)
committersimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Tue, 28 Aug 2001 08:43:33 +0000 (08:43 +0000)
causes password login to occur on a server that supports password-
through-k-i. Of course when we use the new preference list mechanism
for selecting the order of authentications this will all become much
more sane, but for the moment I've put publickey back up to the top
and things seem to be happier.

git-svn-id: svn://svn.tartarus.org/sgt/putty@1220 cda61777-01e9-0310-a592-d414129be87e

ssh.c

diff --git a/ssh.c b/ssh.c
index b0f1651..36db4e7 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -3806,66 +3806,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
                    in_commasep_string("publickey", methods, methlen);
                can_passwd =
                    in_commasep_string("password", methods, methlen);
-               can_passwd =
-                   in_commasep_string("password", methods, methlen);
                can_keyb_inter = 
                    in_commasep_string("keyboard-interactive", methods, methlen);
            }
 
            method = 0;
 
-           if (!method && can_keyb_inter && !tried_keyb_inter) {
-               method = AUTH_KEYBOARD_INTERACTIVE;
-               type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
-               tried_keyb_inter = TRUE;
-
-               ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
-               ssh2_pkt_addstring(username);
-               ssh2_pkt_addstring("ssh-connection");   /* service requested */
-               ssh2_pkt_addstring("keyboard-interactive");     /* method */
-               ssh2_pkt_addstring(""); /* lang */
-               ssh2_pkt_addstring("");
-               ssh2_pkt_send();
-
-               crWaitUntilV(ispkt);
-               if (pktin.type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
-                   if (pktin.type == SSH2_MSG_USERAUTH_FAILURE)
-                       gotit = TRUE;
-                   logevent("Keyboard-interactive authentication refused");
-                   type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
-                   continue;
-               }
-
-               kbd_inter_running = TRUE;
-           }
-
-           if (kbd_inter_running) {
-               method = AUTH_KEYBOARD_INTERACTIVE;
-               type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
-               tried_keyb_inter = TRUE;
-
-               /* We've got packet with that "interactive" info
-                  dump banners, and set its prompt as ours */
-               {
-                   char *name, *inst, *lang, *prompt;
-                   int name_len, inst_len, lang_len, prompt_len;
-                   ssh2_pkt_getstring(&name, &name_len);
-                   ssh2_pkt_getstring(&inst, &inst_len);
-                   ssh2_pkt_getstring(&lang, &lang_len);
-                   if (name_len > 0)
-                       c_write_untrusted(name, name_len);
-                   if (inst_len > 0)
-                       c_write_untrusted(inst, inst_len);
-                   num_prompts = ssh2_pkt_getuint32();
-
-                   ssh2_pkt_getstring(&prompt, &prompt_len);
-                   strncpy(pwprompt, prompt, sizeof(pwprompt));
-                   need_pw = TRUE;
-
-                   echo = ssh2_pkt_getbool();
-               }
-           }
-
            if (!method && can_pubkey && agent_exists() && !tried_agent) {
                /*
                 * Attempt public-key authentication using Pageant.
@@ -4059,6 +4005,58 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
                }
            }
 
+           if (!method && can_keyb_inter && !tried_keyb_inter) {
+               method = AUTH_KEYBOARD_INTERACTIVE;
+               type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
+               tried_keyb_inter = TRUE;
+
+               ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+               ssh2_pkt_addstring(username);
+               ssh2_pkt_addstring("ssh-connection");   /* service requested */
+               ssh2_pkt_addstring("keyboard-interactive");     /* method */
+               ssh2_pkt_addstring(""); /* lang */
+               ssh2_pkt_addstring("");
+               ssh2_pkt_send();
+
+               crWaitUntilV(ispkt);
+               if (pktin.type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
+                   if (pktin.type == SSH2_MSG_USERAUTH_FAILURE)
+                       gotit = TRUE;
+                   logevent("Keyboard-interactive authentication refused");
+                   type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
+                   continue;
+               }
+
+               kbd_inter_running = TRUE;
+           }
+
+           if (kbd_inter_running) {
+               method = AUTH_KEYBOARD_INTERACTIVE;
+               type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
+               tried_keyb_inter = TRUE;
+
+               /* We've got packet with that "interactive" info
+                  dump banners, and set its prompt as ours */
+               {
+                   char *name, *inst, *lang, *prompt;
+                   int name_len, inst_len, lang_len, prompt_len;
+                   ssh2_pkt_getstring(&name, &name_len);
+                   ssh2_pkt_getstring(&inst, &inst_len);
+                   ssh2_pkt_getstring(&lang, &lang_len);
+                   if (name_len > 0)
+                       c_write_untrusted(name, name_len);
+                   if (inst_len > 0)
+                       c_write_untrusted(inst, inst_len);
+                   num_prompts = ssh2_pkt_getuint32();
+
+                   ssh2_pkt_getstring(&prompt, &prompt_len);
+                   strncpy(pwprompt, prompt, sizeof(pwprompt));
+                   need_pw = TRUE;
+
+                   echo = ssh2_pkt_getbool();
+               }
+           }
+
            if (!method && can_passwd) {
                method = AUTH_PASSWORD;
                sprintf(pwprompt, "%.90s@%.90s's password: ", username,
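Review bot: The `strncpy(pwprompt, prompt, sizeof(pwprompt));` call in the relocated `kbd_inter_running` block ignores `prompt_len` and leaves `pwprompt` unterminated when the server's prompt is at least as long as the buffer; because `prompt` comes from `ssh2_pkt_getstring`, it is presumably a length-delimited slice of the packet rather than a NUL-terminated string, so the copy may also read past its end. Bound the copy by the received length and terminate explicitly: `if (prompt_len > (int)sizeof(pwprompt) - 1) prompt_len = sizeof(pwprompt) - 1;` then `memcpy(pwprompt, prompt, prompt_len);` and `pwprompt[prompt_len] = '\0';`, with a guard for a negative length if `ssh2_pkt_getstring` can produce one. The block also parses exactly one prompt whatever `num_prompts` says, so a request carrying zero prompts should be handled before the `ssh2_pkt_getstring(&prompt, &prompt_len)` call. Unlike `name` and `inst`, the prompt text does not pass through `c_write_untrusted` here; how `pwprompt` is displayed is outside this hunk, as are the start and end of `do_ssh2_authconn`.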