author | djm@openbsd.org <djm@openbsd.org> | 2015-05-01 05:23:51 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-05-10 03:54:10 +0200 |
commit | 179be0f5e62f1f492462571944e45a3da660d82b (patch) | |
tree | 354cf8effdfb0db2f3f1573bc01544a54eb8cec0 /auth2-pubkey.c | |
parent | upstream commit (diff) | |
upstream commit
prevent authorized_keys options picked up on public key
tests without a corresponding private key authentication being applied to
other authentication methods. Reported by halex@, ok markus@
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index e103b70af..f96e843c2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -169,7 +169,7 @@ userauth_pubkey(Authctxt *authctxt) /* test for correct signature */ authenticated = 0; - if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && + if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) && PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b))) == 1) { authenticated = 1; @@ -191,7 +191,7 @@ userauth_pubkey(Authctxt *authctxt) * if a user is not allowed to login. is this an * issue? -markus */ - if (PRIVSEP(user_key_allowed(authctxt->pw, key))) { + if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0))) { packet_start(SSH2_MSG_USERAUTH_PK_OK); packet_put_string(pkalg, alen); packet_put_string(pkblob, blen); @@ -671,7 +671,7 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) * Check whether key authenticates and authorises the user. */ int -user_key_allowed(struct passwd *pw, Key *key) +user_key_allowed(struct passwd *pw, Key *key, int auth_attempt) { u_int success, i; char *file; |
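Review bot: The bare `1` passed in the signature-check call (first hunk) and the bare `0` passed in the key-query call (second hunk) do not say what they select, and swapping them would silently bring back the option leak this commit closes. I would annotate both call sites, for example `user_key_allowed(authctxt->pw, key, 1 /* auth_attempt: signature is verified */)` and `user_key_allowed(authctxt->pw, key, 0 /* query only, no signature */)`, or introduce named constants for the two values. userauth_pubkey begins and ends outside both hunks, so any handling of the result beyond these lines is not visible here.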
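Review bot: The new `auth_attempt` parameter of user_key_allowed (third hunk) is undocumented, and nothing in this file appears to read it: the diffstat lists three insertions for auth2-pubkey.c and all three are the call sites and the signature shown here. The dropping of authorized_keys options after a key query therefore presumably happens in the code behind PRIVSEP, outside this file. If PRIVSEP can resolve to a direct call, the flag would have no effect on that path, so that is worth confirming. I would extend the header comment with `/* auth_attempt is non-zero when a signature is being checked; zero for a key query, whose authorized_keys options must not carry over to other authentication methods. */`. The function body continues outside the hunk.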