author | djm@openbsd.org <djm@openbsd.org> | 2015-05-01 03:23:51 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-05-10 11:54:10 +1000 |
commit | 179be0f5e62f1f492462571944e45a3da660d82b (patch) | |
tree | 354cf8effdfb0db2f3f1573bc01544a54eb8cec0 /monitor_wrap.c | |
parent | a42d67be65b719a430b7fcaba2a4e4118382723a (diff) | |
download | openssh-git-179be0f5e62f1f492462571944e45a3da660d82b.tar.gz |
upstream commit
prevent authorized_keys options picked up on public key
tests without a corresponding private key authentication being applied to
other authentication methods. Reported by halex@, ok markus@
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index d39d491c..e6217b3d 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.84 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.85 2015/05/01 03:23:51 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -371,16 +371,17 @@ mm_auth_password(Authctxt *authctxt, char *password)
 }
 int
-mm_user_key_allowed(struct passwd *pw, Key *key)
+mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
 {
- return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
+ return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
+ pubkey_auth_attempt));
 }
 int
 mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host, Key *key)
 {
- return (mm_key_allowed(MM_HOSTKEY, user, host, key));
+ return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
 }
 int
@@ -390,13 +391,14 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
 int ret;
 key->type = KEY_RSA; /* XXX hack for key_to_blob */
- ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key);
+ ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key, 0);
 key->type = KEY_RSA1;
 return (ret);
 }
 int
-mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
+mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key,
+ int pubkey_auth_attempt)
 {
 Buffer m;
 u_char *blob;
@@ -414,6 +416,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 buffer_put_cstring(&m, user ? user : "");
 buffer_put_cstring(&m, host ? host : "");
 buffer_put_string(&m, blob, len);
+ buffer_put_int(&m, pubkey_auth_attempt);
 free(blob);
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); |
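Review bot: The bare `0` passed as the new last argument in `mm_hostbased_key_allowed()`, and again in `mm_auth_rhosts_rsa_key_allowed()` in the next hunk, is undocumented, and nothing in the visible code says what `pubkey_auth_attempt` means to the receiver. Going by the commit message, the flag separates a real public-key authentication attempt from a key test, so a comment above `mm_user_key_allowed()` such as `/* pubkey_auth_attempt: non-zero for an actual authentication attempt, zero for a key test */` would make the intent reviewable. That reading is inferred and should be confirmed against the monitor side. At the two host-key call sites, a short `/* not a publickey attempt */` beside the `0` would be enough.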
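Review bot: The value written by `buffer_put_int(&m, pubkey_auth_attempt);` originates in the unprivileged process, so the privileged monitor should treat it as advisory rather than as proof that an authentication attempt is under way. The handler for MONITOR_REQ_KEYALLOWED is not part of this diff (the diffstat is limited to monitor_wrap.c), so it is worth confirming there that the extra field is consumed. It is also worth confirming that a child sending a non-zero flag for a mere key test gains nothing, for instance because cached key options are discarded unless the later signature check succeeds. On this side, sending a canonical boolean with `buffer_put_int(&m, pubkey_auth_attempt != 0);` keeps the wire value to 0 or 1. `mm_key_allowed()` starts and ends outside this hunk.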