[openssh-commits] [openssh] 02/02: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Dec 5 17:25:00 AEDT 2016 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit b9844a45c7f0162fd1b5465683879793d4cc4aaa
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Dec 4 23:54:02 2016 +0000

    upstream commit
    
    Fix public key authentication when multiple
    authentication is in use. Instead of deleting and re-preparing the entire
    keys list, just reset the 'used' flags; the keys list is already in a good
    order (with already- tried keys at the back)
    
    Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
    
    Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
---
 sshconnect2.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/sshconnect2.c b/sshconnect2.c
index 7a8b7ea..103a2b3 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -318,6 +318,7 @@ void	userauth(Authctxt *, char *);
 static int sign_and_send_pubkey(Authctxt *, Identity *);
 static void pubkey_prepare(Authctxt *);
 static void pubkey_cleanup(Authctxt *);
+static void pubkey_reset(Authctxt *);
 static Key *load_identity_file(Identity *);
 
 static Authmethod *authmethod_get(char *authlist);
@@ -560,8 +561,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt)
 	if (partial != 0) {
 		verbose("Authenticated with partial success.");
 		/* reset state */
-		pubkey_cleanup(authctxt);
-		pubkey_prepare(authctxt);
+		pubkey_reset(authctxt);
 	}
 	debug("Authentications that can continue: %s", authlist);
 
@@ -1414,6 +1414,15 @@ pubkey_cleanup(Authctxt *authctxt)
 	}
 }
 
+static void
+pubkey_reset(Authctxt *authctxt)
+{
+	Identity *id;
+
+	TAILQ_FOREACH(id, &authctxt->keys, next)
+		id->tried = 0;
+}
+
 static int
 try_identity(Identity *id)
 {
@@ -1462,6 +1471,7 @@ userauth_pubkey(Authctxt *authctxt)
 				}
 				key_free(id->key);
 				id->key = NULL;
+				id->isprivate = 0;
 			}
 		}
 		if (sent)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list