upstream commit

Fix public key authentication when multiple
authentication is in use. Instead of deleting and re-preparing the entire
keys list, just reset the 'used' flags; the keys list is already in a good
order (with already- tried keys at the back)

Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@

Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176

1 files changed, 13 insertions, 3 deletions

diff --git a/sshconnect2.c b/sshconnect2.c
index 7a8b7ea9..103a2b36 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -318,6 +318,7 @@ void	userauth(Authctxt *, char *);
 static int sign_and_send_pubkey(Authctxt *, Identity *);
 static void pubkey_prepare(Authctxt *);
 static void pubkey_cleanup(Authctxt *);
+static void pubkey_reset(Authctxt *);
 static Key *load_identity_file(Identity *);
 
 static Authmethod *authmethod_get(char *authlist);
@@ -560,8 +561,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt)
 	if (partial != 0) {
 		verbose("Authenticated with partial success.");
 		/* reset state */
-		pubkey_cleanup(authctxt);
-		pubkey_prepare(authctxt);
+		pubkey_reset(authctxt);
 	}
 	debug("Authentications that can continue: %s", authlist);
 
@@ -1414,6 +1414,15 @@ pubkey_cleanup(Authctxt *authctxt)
 	}
 }
 
+static void
+pubkey_reset(Authctxt *authctxt)
+{
+	Identity *id;
+
+	TAILQ_FOREACH(id, &authctxt->keys, next)
+		id->tried = 0;
+}
+
 static int
 try_identity(Identity *id)
 {
@@ -1462,6 +1471,7 @@ userauth_pubkey(Authctxt *authctxt)
 				}
 				key_free(id->key);
 				id->key = NULL;
+				id->isprivate = 0;
 			}
 		}
 		if (sent)