author | 2008-06-13 13:56:59 +0000 | |
---|---|---|
committer | 2008-06-13 13:56:59 +0000 | |
commit | 296c1c508d03d201c22cf6074b6cd2fb976ad1e9 (patch) | |
tree | 184af73cfb50b4aff859d576106edc67441354e8 | |
parent | compile on older gcc; no decl after code (diff) | |
Clear key options in the monitor on failed authentication, prevents
applying additional restrictions to non-pubkey authentications in
the case where pubkey fails but another method subsequently succeeds.
bz #1472, found by Colin Watson, ok markus@ djm@
-rw-r--r-- | usr.bin/ssh/monitor.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 9d07e5cc75f..cae821ab6f7 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.96 2008/05/08 12:21:16 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.97 2008/06/13 13:56:59 dtucker Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -742,6 +742,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
 allowed = options.pubkey_authentication &&
 user_key_allowed(authctxt->pw, key);
 auth_method = "publickey";
+ if (options.pubkey_authentication && allowed != 1)
+ auth_clear_options();
 break;
 case MM_HOSTKEY:
 allowed = options.hostbased_authentication &&
@@ -754,6 +756,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
 allowed = options.rhosts_rsa_authentication &&
 auth_rhosts_rsa_key_allowed(authctxt->pw,
 cuser, chost, key);
+ if (options.rhosts_rsa_authentication && allowed != 1)
+ auth_clear_options();
 auth_method = "rsa";
 break;
 default: |
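Review bot: The clear added in the `MM_USERKEY` case only covers a key that is rejected at this query step; a key that `user_key_allowed()` accepts leaves its options set, and if the later signature check fails and another method then succeeds, those restrictions would apparently still be applied. Whether the verify path (`mm_answer_keyverify` in this file) or the surrounding authentication loop clears them on failure is not visible in this diff, so that should be confirmed or `auth_clear_options()` called there as well. A short comment above the new check, for example `/* drop options left by a rejected key so they cannot carry over to a later method */`, would record why the call is needed. The body of `mm_answer_keyallowed` starts and ends outside the hunk.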
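Review bot: In the rhosts-RSA branch the new check sits before `auth_method = "rsa";`, while the `MM_USERKEY` branch places it after the assignment; keeping the same order in both makes the two branches read as parallel. The `MM_HOSTKEY` case between them gets no clear, which is presumably correct if the hostbased lookup never sets key options, but a one-line comment saying so would stop it looking like an omission. Since the same pattern now appears twice, a single `if (allowed != 1) auth_clear_options();` after the switch may be simpler, assuming clearing is harmless when no options were set. The switch continues past the end of the hunk.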