upstream commit

prevent authorized_keys options picked up on public key tests without a corresponding private key authentication being applied to other authentication methods. Reported by halex@, ok markus@
author: djm@openbsd.org <djm@openbsd.org> 2015-05-01 03:23:51 +0000
committer: Damien Miller <djm@mindrot.org> 2015-05-10 11:54:10 +1000
commit: 179be0f5e62f1f492462571944e45a3da660d82b (patch)
tree: 354cf8effdfb0db2f3f1573bc01544a54eb8cec0 /auth2-pubkey.c
parent: a42d67be65b719a430b7fcaba2a4e4118382723a (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index e103b70a..f96e843c 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -169,7 +169,7 @@ userauth_pubkey(Authctxt *authctxt)
 
 		/* test for correct signature */
 		authenticated = 0;
-		if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
+		if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
 		    PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
 		    buffer_len(&b))) == 1) {
 			authenticated = 1;
@@ -191,7 +191,7 @@ userauth_pubkey(Authctxt *authctxt)
 		 * if a user is not allowed to login. is this an
 		 * issue? -markus
 		 */
-		if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
+		if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0))) {
 			packet_start(SSH2_MSG_USERAUTH_PK_OK);
 			packet_put_string(pkalg, alen);
 			packet_put_string(pkblob, blen);
@@ -671,7 +671,7 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
  * Check whether key authenticates and authorises the user.
  */
 int
-user_key_allowed(struct passwd *pw, Key *key)
+user_key_allowed(struct passwd *pw, Key *key, int auth_attempt)
 {
 	u_int success, i;
 	char *file;
author	djm@openbsd.org <djm@openbsd.org>	2015-05-01 03:23:51 +0000
committer	Damien Miller <djm@mindrot.org>	2015-05-10 11:54:10 +1000
commit	179be0f5e62f1f492462571944e45a3da660d82b (patch)
tree	354cf8effdfb0db2f3f1573bc01544a54eb8cec0 /auth2-pubkey.c
parent	a42d67be65b719a430b7fcaba2a4e4118382723a (diff)