1 files changed, 8 insertions, 8 deletions

diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 8996f7e05..359393291 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.33 2018/01/23 05:27:21 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.36 2018/07/31 03:10:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -34,7 +34,7 @@
 #include "xmalloc.h"
 #include "ssh2.h"
 #include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
@@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh)
         size_t alen, blen, slen;
         int r, pktype, authenticated = 0;
 
-        if (!authctxt->valid) {
-                debug2("%s: disabled because of invalid user", __func__);
-                return 0;
-        }
         /* XXX use sshkey_froms() */
         if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
             (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
@@ -111,13 +107,17 @@ userauth_hostbased(struct ssh *ssh)
                     "signature format");
                 goto done;
         }
-        if (match_pattern_list(sshkey_ssh_name(key),
-            options.hostbased_key_types, 0) != 1) {
+        if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) {
                 logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
                     __func__, sshkey_type(key));
                 goto done;
         }
 
+        if (!authctxt->valid || authctxt->user == NULL) {
+                debug2("%s: disabled because of invalid user", __func__);
+                goto done;
+        }
+
         if ((b = sshbuf_new()) == NULL)
                 fatal("%s: sshbuf_new failed", __func__);
         /* reconstruct packet */