[Bug 2642] [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 24 10:03:53 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2642

Vincent Brillault <git at lerya.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |git at lerya.net

--- Comment #2 from Vincent Brillault <git at lerya.net> ---
Created attachment 2895
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2895&action=edit
Only reorder and reset count of authctxt->keys between authentications

(Sorry for the double-posting, I am not sure what the preferred way
of submitting patches is)

While taking another look at the code, I realised that most of the
accesses to the authctxt->keys list or its content do not modify it
(the attached patch 'constifies' the arguments of the functions called
on the content of the list, to make it easier to see that they don't
modify them). There is only one place (not counting prepare/cleanup)
that modifies it, userauth_pubkey. That function:
- Re-orders the keys, increasing the tries count each time (up to 2 if
it loops)
- Sets the isprivate flag on private keys when they are loaded

This patch (also available at
https://github.com/openssh/openssh-portable/pull/57):
- Unsets the isprivate flag on private keys when they are freed/cleared
- Adds a pubkey_reset function (called between authentications) that
re-orders the keys again and resets the 'tries' count

This patch/the code could be simplified:
- The 'constification' could be ignored
- If we don't care about the order in which keys are tested, the
re-ordering could be removed
- pubkey_reset could be inlined (esp. if the reordering is removed)
- pubkey_cleanup could be inlined (only called once)
