summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog8
-rw-r--r--monitor.c6
2 files changed, 12 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 81c36752c..362febe67 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,12 @@
3 - deraadt@cvs.openbsd.org 2008/06/13 09:44:36 3 - deraadt@cvs.openbsd.org 2008/06/13 09:44:36
4 [packet.c] 4 [packet.c]
5 compile on older gcc; no decl after code 5 compile on older gcc; no decl after code
6 - dtucker@cvs.openbsd.org 2008/06/13 13:56:59
7 [monitor.c]
8 Clear key options in the monitor on failed authentication, prevents
9 applying additional restrictions to non-pubkey authentications in
10 the case where pubkey fails but another method subsequently succeeds.
11 bz #1472, found by Colin Watson, ok markus@ djm@
6 12
720080612 1320080612
8 - (dtucker) OpenBSD CVS Sync 14 - (dtucker) OpenBSD CVS Sync
@@ -4341,4 +4347,4 @@
4341 OpenServer 6 and add osr5bigcrypt support so when someone migrates 4347 OpenServer 6 and add osr5bigcrypt support so when someone migrates
4342 passwords between UnixWare and OpenServer they will still work. OK dtucker@ 4348 passwords between UnixWare and OpenServer they will still work. OK dtucker@
4343 4349
4344$Id: ChangeLog,v 1.5004 2008/06/13 12:02:50 dtucker Exp $ 4350$Id: ChangeLog,v 1.5005 2008/06/13 22:59:49 dtucker Exp $
diff --git a/monitor.c b/monitor.c
index f872edbb5..8a9ea7849 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.96 2008/05/08 12:21:16 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.97 2008/06/13 13:56:59 dtucker Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1015,6 +1015,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
1015 allowed = options.pubkey_authentication && 1015 allowed = options.pubkey_authentication &&
1016 user_key_allowed(authctxt->pw, key); 1016 user_key_allowed(authctxt->pw, key);
1017 auth_method = "publickey"; 1017 auth_method = "publickey";
1018 if (options.pubkey_authentication && allowed != 1)
1019 auth_clear_options();
1018 break; 1020 break;
1019 case MM_HOSTKEY: 1021 case MM_HOSTKEY:
1020 allowed = options.hostbased_authentication && 1022 allowed = options.hostbased_authentication &&
@@ -1027,6 +1029,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
1027 allowed = options.rhosts_rsa_authentication && 1029 allowed = options.rhosts_rsa_authentication &&
1028 auth_rhosts_rsa_key_allowed(authctxt->pw, 1030 auth_rhosts_rsa_key_allowed(authctxt->pw,
1029 cuser, chost, key); 1031 cuser, chost, key);
1032 if (options.rhosts_rsa_authentication && allowed != 1)
1033 auth_clear_options();
1030 auth_method = "rsa"; 1034 auth_method = "rsa";
1031 break; 1035 break;
1032 default: 1036 default: