| @@ -555,6 +555,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe |
|
|
| 555 |
555 |
} |
| 556 |
556 |
|
| 557 |
557 |
gotMsgExtInfo := false |
|
558 |
+gotUserAuthInfoRequest := false |
| 558 |
559 |
for { |
| 559 |
560 |
packet, err := c.readPacket() |
| 560 |
561 |
if err != nil { |
| @@ -585,6 +586,9 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe |
|
|
| 585 |
586 |
if msg.PartialSuccess { |
| 586 |
587 |
return authPartialSuccess, msg.Methods, nil |
| 587 |
588 |
} |
|
589 |
+if !gotUserAuthInfoRequest { |
|
590 |
+return authFailure, msg.Methods, unexpectedMessageError(msgUserAuthInfoRequest, packet[0]) |
|
591 |
+ } |
| 588 |
592 |
return authFailure, msg.Methods, nil |
| 589 |
593 |
case msgUserAuthSuccess: |
| 590 |
594 |
return authSuccess, nil, nil |
| @@ -596,6 +600,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe |
|
|
| 596 |
600 |
if err := Unmarshal(packet, &msg); err != nil { |
| 597 |
601 |
return authFailure, nil, err |
| 598 |
602 |
} |
|
603 |
+gotUserAuthInfoRequest = true |
| 599 |
604 |
|
| 600 |
605 |
// Manually unpack the prompt/echo pairs. |
| 601 |
606 |
rest := msg.Prompts |