diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-12-04 23:54:02 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2016-12-05 17:24:42 +1100 |
| commit | b9844a45c7f0162fd1b5465683879793d4cc4aaa (patch) | |
| tree | 2d1e5e888154116d3d9f7e88f438ea48a87e639e /sshconnect2.c | |
| parent | f2398eb774075c687b13af5bc22009eb08889abe (diff) | |
upstream commit
Fix public key authentication when multiple
authentication is in use. Instead of deleting and re-preparing the entire
keys list, just reset the 'used' flags; the keys list is already in a good
order (with already- tried keys at the back)
Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 7a8b7ea97..103a2b36a 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -318,6 +318,7 @@ void userauth(Authctxt *, char *); | |||
| 318 | static int sign_and_send_pubkey(Authctxt *, Identity *); | 318 | static int sign_and_send_pubkey(Authctxt *, Identity *); |
| 319 | static void pubkey_prepare(Authctxt *); | 319 | static void pubkey_prepare(Authctxt *); |
| 320 | static void pubkey_cleanup(Authctxt *); | 320 | static void pubkey_cleanup(Authctxt *); |
| 321 | static void pubkey_reset(Authctxt *); | ||
| 321 | static Key *load_identity_file(Identity *); | 322 | static Key *load_identity_file(Identity *); |
| 322 | 323 | ||
| 323 | static Authmethod *authmethod_get(char *authlist); | 324 | static Authmethod *authmethod_get(char *authlist); |
| @@ -560,8 +561,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) | |||
| 560 | if (partial != 0) { | 561 | if (partial != 0) { |
| 561 | verbose("Authenticated with partial success."); | 562 | verbose("Authenticated with partial success."); |
| 562 | /* reset state */ | 563 | /* reset state */ |
| 563 | pubkey_cleanup(authctxt); | 564 | pubkey_reset(authctxt); |
| 564 | pubkey_prepare(authctxt); | ||
| 565 | } | 565 | } |
| 566 | debug("Authentications that can continue: %s", authlist); | 566 | debug("Authentications that can continue: %s", authlist); |
| 567 | 567 | ||
| @@ -1414,6 +1414,15 @@ pubkey_cleanup(Authctxt *authctxt) | |||
| 1414 | } | 1414 | } |
| 1415 | } | 1415 | } |
| 1416 | 1416 | ||
| 1417 | static void | ||
| 1418 | pubkey_reset(Authctxt *authctxt) | ||
| 1419 | { | ||
| 1420 | Identity *id; | ||
| 1421 | |||
| 1422 | TAILQ_FOREACH(id, &authctxt->keys, next) | ||
| 1423 | id->tried = 0; | ||
| 1424 | } | ||
| 1425 | |||
| 1417 | static int | 1426 | static int |
| 1418 | try_identity(Identity *id) | 1427 | try_identity(Identity *id) |
| 1419 | { | 1428 | { |
| @@ -1462,6 +1471,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 1462 | } | 1471 | } |
| 1463 | key_free(id->key); | 1472 | key_free(id->key); |
| 1464 | id->key = NULL; | 1473 | id->key = NULL; |
| 1474 | id->isprivate = 0; | ||
| 1465 | } | 1475 | } |
| 1466 | } | 1476 | } |
| 1467 | if (sent) | 1477 | if (sent) |