diff options
author | djm@openbsd.org <djm@openbsd.org> | 2016-12-04 23:54:02 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2016-12-05 17:24:42 +1100 |
commit | b9844a45c7f0162fd1b5465683879793d4cc4aaa (patch) | |
tree | 2d1e5e888154116d3d9f7e88f438ea48a87e639e | |
parent | f2398eb774075c687b13af5bc22009eb08889abe (diff) |
upstream commit
Fix public key authentication when multiple
authentication is in use. Instead of deleting and re-preparing the entire
keys list, just reset the 'used' flags; the keys list is already in a good
order (with already- tried keys at the back)
Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
-rw-r--r-- | sshconnect2.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 7a8b7ea9..103a2b36 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -318,6 +318,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); +static void pubkey_reset(Authctxt *); static Key *load_identity_file(Identity *); static Authmethod *authmethod_get(char *authlist); @@ -560,8 +561,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) if (partial != 0) { verbose("Authenticated with partial success."); /* reset state */ - pubkey_cleanup(authctxt); - pubkey_prepare(authctxt); + pubkey_reset(authctxt); } debug("Authentications that can continue: %s", authlist); @@ -1414,6 +1414,15 @@ pubkey_cleanup(Authctxt *authctxt) } } +static void +pubkey_reset(Authctxt *authctxt) +{ + Identity *id; + + TAILQ_FOREACH(id, &authctxt->keys, next) + id->tried = 0; +} + static int try_identity(Identity *id) { @@ -1462,6 +1471,7 @@ userauth_pubkey(Authctxt *authctxt) } key_free(id->key); id->key = NULL; + id->isprivate = 0; } } if (sent) |