tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- dtucker@cvs.openbsd.org 2008/06/13 13:56:59 

[monitor.c]
     Clear key options in the monitor on failed authentication, prevents
     applying additional restrictions to non-pubkey authentications in
     the case where pubkey fails but another method subsequently succeeds.
     bz #1472, found by Colin Watson, ok markus@ djm
This commit is contained in:
Darren Tucker 2008-06-14 08:59:49 +10:00
parent 99bb7619d4
commit f2c16d30b4
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -3,6 +3,12 @@
- deraadt@cvs.openbsd.org 2008/06/13 09:44:36
[packet.c]
compile on older gcc; no decl after code
- dtucker@cvs.openbsd.org 2008/06/13 13:56:59
[monitor.c]
Clear key options in the monitor on failed authentication, prevents
applying additional restrictions to non-pubkey authentications in
the case where pubkey fails but another method subsequently succeeds.
bz #1472, found by Colin Watson, ok markus@ djm@
20080612
- (dtucker) OpenBSD CVS Sync
@ -4341,4 +4347,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.5004 2008/06/13 12:02:50 dtucker Exp $
$Id: ChangeLog,v 1.5005 2008/06/13 22:59:49 dtucker Exp $

6
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.96 2008/05/08 12:21:16 djm Exp $ */
/* $OpenBSD: monitor.c,v 1.97 2008/06/13 13:56:59 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -1015,6 +1015,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key);
auth_method = "publickey";
if (options.pubkey_authentication && allowed != 1)
auth_clear_options();
break;
case MM_HOSTKEY:
allowed = options.hostbased_authentication &&
@ -1027,6 +1029,8 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed = options.rhosts_rsa_authentication &&
auth_rhosts_rsa_key_allowed(authctxt->pw,
cuser, chost, key);
if (options.rhosts_rsa_authentication && allowed != 1)
auth_clear_options();
auth_method = "rsa";
break;
default: