authormarkus <markus@openbsd.org>2000-10-14 12:19:45 +0000
committermarkus <markus@openbsd.org>2000-10-14 12:19:45 +0000
commit6afb24b49bcc4f010730233d39823742833e8983 (patch)
tree486fb60a5059336f5346923b4a72dc73bdae8b4c
parentOpenSSH_2.3; note that is is not complete, but the version number needs to be changed for interoperability reasons (diff)
do not send RSA challenge if key is not allowed by key-options; from eivind@ThinkSec.com
-rw-r--r--usr.bin/ssh/auth-rsa.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index 522f01f84cb..e8bfa16510c 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.31 2000/10/11 19:59:52 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $");
#include "rsa.h"
#include "packet.h"
@@ -231,6 +231,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
}
} else
options = NULL;
+ /*
+ * If our options do not allow this key to be used,
+ * do not send challenge.
+ */
+ if (!auth_parse_options(pw, options, linenum))
+ continue;
/* Parse the key from the line. */
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
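Review bot: The added `auth_parse_options(pw, options, linenum)` check sits before the key on the line is parsed and compared with `client_n`, so it runs for every entry in the file, not only for the key the client offered. If `auth_parse_options` logs rejections or records per-key restrictions as a side effect (its body is not visible here), unrelated entries could produce misleading log lines or leave restrictions behind from a line that is later skipped. Moving the check to the point where the parsed key has been matched against `client_n`, but still before the challenge is sent, would keep the commit's intent while evaluating options only for the matching key. That code and the start of the loop in `auth_rsa` lie outside this hunk.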
@@ -269,9 +275,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
* Break out of the loop if authentication was successful;
* otherwise continue searching.
*/
- authenticated = auth_parse_options(pw, options, linenum);
- if (authenticated)
- break;
+ authenticated = 1;
+ break;
}
/* Restore the privileged uid. */
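Review bot: The comment above `authenticated = 1;` still reads "Break out of the loop if authentication was successful; otherwise continue searching", but the new code breaks unconditionally at this point. A reader of this spot also no longer sees any options check before success is set, so the comment should say where that decision moved, for example `/* Authentication succeeded; key options were already accepted earlier in the loop, so stop searching. */`. The code leading up to this point is outside the hunk, so the wording should be checked against the full loop body.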