Merge branch 'hans/ssh/keyboard_interactive_defensics' into maint

1 files changed, 17 insertions, 0 deletions

diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index 27f27b46d5..ac35b70209 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -406,10 +406,22 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1,
 				   kb_tries_left = KbTriesLeft,
 				   user = User,
 				   userauth_supported_methods = Methods} = Ssh) ->
+    SendOneEmpty = proplists:get_value(tstflg, Opts) == one_empty,
     case check_password(User, unicode:characters_to_list(Password), Opts, Ssh) of
+	{true,Ssh1} when SendOneEmpty==true ->
+	    Msg = #ssh_msg_userauth_info_request{name = "",
+						 instruction = "",
+						 language_tag = "",
+						 num_prompts = 0,
+						 data = <<?BOOLEAN(?FALSE)>>
+						},
+	    {authorized_but_one_more, User,
+	     ssh_transport:ssh_packet(Msg, Ssh1)};
+
 	{true,Ssh1} ->
 	    {authorized, User,
 	     ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh1)};
+
 	{false,Ssh1} ->
 	    {not_authorized, {User, {error,"Bad user or password"}}, 
 	     ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
@@ -419,6 +431,11 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1,
 				     )}
     end;
 
+handle_userauth_info_response({extra,#ssh_msg_userauth_info_response{}},
+			      #ssh{user = User} = Ssh) ->
+    {authorized, User,
+     ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)};
+
 handle_userauth_info_response(#ssh_msg_userauth_info_response{},
 			      _Auth) ->
     ssh_connection_handler:disconnect(