- deraadt@cvs.openbsd.org 2008/06/13 09:44:36
[packet.c]
compile on older gcc; no decl after code
+ - dtucker@cvs.openbsd.org 2008/06/13 13:56:59
+ [monitor.c]
+ Clear key options in the monitor on failed authentication, prevents
+ applying additional restrictions to non-pubkey authentications in
+ the case where pubkey fails but another method subsequently succeeds.
+ bz #1472, found by Colin Watson, ok markus@ djm@
20080612
- (dtucker) OpenBSD CVS Sync
-/* $OpenBSD: monitor.c,v 1.96 2008/05/08 12:21:16 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.97 2008/06/13 13:56:59 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key);
auth_method = "publickey";
+ if (options.pubkey_authentication && allowed != 1)
+ auth_clear_options();
break;
case MM_HOSTKEY:
allowed = options.hostbased_authentication &&
allowed = options.rhosts_rsa_authentication &&
auth_rhosts_rsa_key_allowed(authctxt->pw,
cuser, chost, key);
+ if (options.rhosts_rsa_authentication && allowed != 1)
+ auth_clear_options();
auth_method = "rsa";
break;
default: