upstream commit

prevent authorized_keys options picked up on public key
 tests without a corresponding private key authentication being applied to
 other authentication methods. Reported by halex@, ok markus@

1 files changed, 4 insertions, 2 deletions

diff --git a/monitor.c b/monitor.c
index d0ee4f7a6..f520c978f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1185,7 +1185,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
         Key *key;
         char *cuser, *chost;
         u_char *blob;
-        u_int bloblen;
+        u_int bloblen, pubkey_auth_attempt;
         enum mm_keytype type = 0;
         int allowed = 0;
 
@@ -1195,6 +1195,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
         cuser = buffer_get_string(m, NULL);
         chost = buffer_get_string(m, NULL);
         blob = buffer_get_string(m, &bloblen);
+        pubkey_auth_attempt = buffer_get_int(m);
 
         key = key_from_blob(blob, bloblen);
 
@@ -1220,7 +1221,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
                             pubkey_auth_attempt);
                         pubkey_auth_info(authctxt, key, NULL);
                         auth_method = "publickey";
-                        if (options.pubkey_authentication && allowed != 1)
+                        if (options.pubkey_authentication &&
+                            (!pubkey_auth_attempt || allowed != 1))
                                 auth_clear_options();
                         break;
                 case MM_HOSTKEY: