else if (strncmp(cp, "BAD", 3) == 0)
return(PS_ERROR);
else if (strncmp(cp, "NO", 2) == 0)
- return(PS_ERROR);
+ {
+ if (stage == STAGE_GETAUTH)
+ return(PS_AUTHFAIL); /* RFC2060, 6.2.2 */
+ else
+ return(PS_ERROR);
+ }
else
return(PS_PROTOCOL);
}
};
if (rval)
- return PS_AUTHFAIL;
+ return(PS_AUTHFAIL);
to64frombits(buffer, response, strlen(response));
else
expunge_period = 1;
- if (preauth)
+ /*
+ * If either (a) we saw a PREAUTH token in the capability response, or
+ * (b) the user specified ssh preauthentication, then we're done.
+ */
+ if (preauth || ctl->server.preauthenticate == A_SSH)
return(PS_SUCCESS);
#if OPIE_ENABLE