From f69b69b8625be447b8826b21d87713874dac25a6 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 22 Dec 2014 07:51:30 +0000
Subject: upstream commit

remember which public keys have been used for
 authentication and refuse to accept previously-used keys.

This allows AuthenticationMethods=publickey,publickey to require
that users authenticate using two _different_ pubkeys.

ok markus@
---
 monitor.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'monitor.c')

diff --git a/monitor.c b/monitor.c
index dbe29f128..b830e0374 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.135 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: monitor.c,v 1.136 2014/12/22 07:51:30 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1170,6 +1170,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
 		switch (type) {
 		case MM_USERKEY:
 			allowed = options.pubkey_authentication &&
+			    !auth2_userkey_already_used(authctxt, key) &&
 			    user_key_allowed(authctxt->pw, key);
 			pubkey_auth_info(authctxt, key, NULL);
 			auth_method = "publickey";
@@ -1397,7 +1398,12 @@ mm_answer_keyverify(int sock, Buffer *m)
 	debug3("%s: key %p signature %s",
 	    __func__, key, (verified == 1) ? "verified" : "unverified");
 
-	key_free(key);
+	/* If auth was successful then record key to ensure it isn't reused */
+	if (verified == 1)
+		auth2_record_userkey(authctxt, key);
+	else
+		key_free(key);
+
 	free(blob);
 	free(signature);
 	free(data);
-- 
cgit v1.2.3