author | Darren Tucker <dtucker@zip.com.au> | 2008-06-14 00:59:49 +0200 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-14 00:59:49 +0200 |
commit | f2c16d30b456c3b149999e91d16bf28f82197d3f (patch) | |
tree | 74a4a098eed0b40dbd945e7adc8a51da41ebd419 /monitor.c | |
parent | - deraadt@cvs.openbsd.org 2008/06/13 09:44:36 (diff) | |
- dtucker@cvs.openbsd.org 2008/06/13 13:56:59
[monitor.c]
Clear key options in the monitor on failed authentication; this prevents
additional restrictions from being applied to non-pubkey authentications
in the case where pubkey fails but another method subsequently succeeds.
bz #1472, found by Colin Watson, ok markus@ djm
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.96 2008/05/08 12:21:16 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.97 2008/06/13 13:56:59 dtucker Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1015,6 +1015,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
 allowed = options.pubkey_authentication &&
 user_key_allowed(authctxt->pw, key);
 auth_method = "publickey";
+ if (options.pubkey_authentication && allowed != 1)
+ auth_clear_options();
 break;
 case MM_HOSTKEY:
 allowed = options.hostbased_authentication &&
@@ -1027,6 +1029,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
 allowed = options.rhosts_rsa_authentication &&
 auth_rhosts_rsa_key_allowed(authctxt->pw,
 cuser, chost, key);
+ if (options.rhosts_rsa_authentication && allowed != 1)
+ auth_clear_options();
 auth_method = "rsa";
 break;
 default: |
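Review bot: The added `auth_clear_options()` under MM_USERKEY (and the matching call in the later MM_RSAHOSTKEY hunk) has no comment, so the reason a rejected key must have its options dropped can only be recovered from the commit message. I would add above each call something like `/* key rejected: drop any options it set so they cannot restrict a later, different auth method */`. The call also resets state only when the key is refused at this query step; whether options from a key that is allowed here but whose signature later fails to verify are cleared elsewhere is not visible in this diff and should be confirmed. mm_answer_keyallowed starts and ends outside the hunk.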
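Review bot: In this MM_RSAHOSTKEY branch the clear is placed before `auth_method = "rsa";`, while the MM_USERKEY branch places it after `auth_method = "publickey";`; using one order in both would make the two branches read as the same pattern. The MM_HOSTKEY branch between them gets no equivalent call, and the hunks cut off before showing its key check. If the hostbased check never sets key options that omission is correct, but a one-line comment such as `/* hostbased keys carry no options to clear */` would record it, once verified. The switch continues outside the hunk.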