summaryrefslogtreecommitdiff
path: root/monitor.c
diff options
context:
space:
mode:
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/monitor.c b/monitor.c
index dbe29f128..b830e0374 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.135 2014/07/15 15:54:14 millert Exp $ */ 1/* $OpenBSD: monitor.c,v 1.136 2014/12/22 07:51:30 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1170,6 +1170,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
1170 switch (type) { 1170 switch (type) {
1171 case MM_USERKEY: 1171 case MM_USERKEY:
1172 allowed = options.pubkey_authentication && 1172 allowed = options.pubkey_authentication &&
1173 !auth2_userkey_already_used(authctxt, key) &&
1173 user_key_allowed(authctxt->pw, key); 1174 user_key_allowed(authctxt->pw, key);
1174 pubkey_auth_info(authctxt, key, NULL); 1175 pubkey_auth_info(authctxt, key, NULL);
1175 auth_method = "publickey"; 1176 auth_method = "publickey";
@@ -1397,7 +1398,12 @@ mm_answer_keyverify(int sock, Buffer *m)
1397 debug3("%s: key %p signature %s", 1398 debug3("%s: key %p signature %s",
1398 __func__, key, (verified == 1) ? "verified" : "unverified"); 1399 __func__, key, (verified == 1) ? "verified" : "unverified");
1399 1400
1400 key_free(key); 1401 /* If auth was successful then record key to ensure it isn't reused */
1402 if (verified == 1)
1403 auth2_record_userkey(authctxt, key);
1404 else
1405 key_free(key);
1406
1401 free(blob); 1407 free(blob);
1402 free(signature); 1408 free(signature);
1403 free(data); 1409 free(data);