authordjm@openbsd.org <djm@openbsd.org>2014-12-22 08:51:30 +0100
committerDamien Miller <djm@mindrot.org>2014-12-22 09:06:52 +0100
commitf69b69b8625be447b8826b21d87713874dac25a6 (patch)
treead29e7621445860c76e02f7f2384b0198bfc27e5 /monitor.c
parentupstream commit (diff)
upstream commit
remember which public keys have been used for authentication and refuse to accept previously-used keys. This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two _different_ pubkeys. ok markus@
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/monitor.c b/monitor.c
index dbe29f128..b830e0374 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.135 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: monitor.c,v 1.136 2014/12/22 07:51:30 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1170,6 +1170,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
switch (type) {
case MM_USERKEY:
allowed = options.pubkey_authentication &&
+ !auth2_userkey_already_used(authctxt, key) &&
user_key_allowed(authctxt->pw, key);
pubkey_auth_info(authctxt, key, NULL);
auth_method = "publickey";
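Review bot: A key refused by the new `!auth2_userkey_already_used(authctxt, key)` term in the MM_USERKEY case only makes `allowed` false, so as far as this hunk shows the refusal looks the same as a key that `user_key_allowed()` rejected. For a control that enforces two different keys under AuthenticationMethods=publickey,publickey, someone reading the logs would want the reason recorded. Unless the helper already logs it (not visible here), consider testing it on its own before the assignment, e.g. `if (auth2_userkey_already_used(authctxt, key)) debug("%s: refusing previously-used key", __func__);`. The short-circuit order is worth keeping, because it skips `user_key_allowed()` for a key that will be refused anyway. The switch statement starts and continues outside the hunk.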
@@ -1397,7 +1398,12 @@ mm_answer_keyverify(int sock, Buffer *m)
debug3("%s: key %p signature %s",
__func__, key, (verified == 1) ? "verified" : "unverified");
- key_free(key);
+ /* If auth was successful then record key to ensure it isn't reused */
+ if (verified == 1)
+ auth2_record_userkey(authctxt, key);
+ else
+ key_free(key);
+
free(blob);
free(signature);
free(data);