[Bug 290] New: auth_method set incorrectly in mm_answer_keyverify()
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Jun 25 17:01:22 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=290
Summary: auth_method set incorrectly in mm_answer_keyverify()
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: halley at play-bow.org
Some friends pointed out some logging weirdness with OpenSSH 3.3;
I check it out on my system and saw the same thing. It says:
sshd[24182]: Accepted hostbased for halley from 127.0.0.1 port 52472 ssh2
even though it was using publickey authentication (and tracing via the
client verifies that the publickey was used). Hostbased authentication is
disabled in my config file.
Figuring this was a logging bug, I went hunting in the code. In
mm_answer_keyverify() is the line:
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
But this line occurs *after* the call to monitor_reset_key_state(), which
sets key_blobtype to MM_NOKEY.
Moving the auth_method assignment before the call to
monitor_reset_key_state() fixed the problem. I don't think anything else
bad happens because of this bug, but I don't know the code well enough to
be sure. I also don't think there are any side effects from moving the
assignment, but again, I can't be certain.
Keep up the good work on OpenSSH!
/Bob
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list