
ssh_userauth_list() returns incorrect list after partial auth


Hi,

when calling ssh_userauth_list() after a successful partial
authentication (e.g. public key) and another authentication method (e.g.
password) is required next by the server, only the
SSH_AUTH_METHOD_PASSWORD flag should be set. However, the
SSH_AUTH_METHOD_PUBLICKEY flag is also set, even though it is not
acceptable in the current state.

The auth_methods field in the session is reset after a failed
authentication attempt, but not after a partial one. The attached patch
changes it to be reset in both cases.

Regards,
Tilo
From f27b745b7417c0606807c5014eb4fbe0c0433f2e Mon Sep 17 00:00:00 2001
From: tilo <tilo.eckert@xxxxxxx>
Date: Mon, 15 Jun 2015 13:12:23 +0200
Subject: [PATCH 1/1] available auth_methods must be reset on partial
 authentication

---
 src/auth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/auth.c b/src/auth.c
index da8c4d9..77b99a7 100755
--- a/src/auth.c
+++ b/src/auth.c
@@ -209,8 +209,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){
             "Access denied. Authentication that can continue: %s",
             auth_methods);
 
-    session->auth_methods = 0;
   }
+  session->auth_methods = 0;
   if (strstr(auth_methods, "password") != NULL) {
     session->auth_methods |= SSH_AUTH_METHOD_PASSWORD;
   }
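Review bot: the relocated `session->auth_methods = 0;` after the closing brace has no comment saying why the reset is now unconditional, and the commit message has no body, so the reason is recorded only in the cover mail. Please add a one-line comment above it stating that the method list in the failure packet replaces any previously stored flags on both paths, and copy the explanation from the mail into the commit message. A client that trusts a stale SSH_AUTH_METHOD_PUBLICKEY bit will retry a method the server no longer accepts, so a regression test that calls ssh_userauth_list() after a partial success and checks that only the advertised methods are set would be worth adding. Separately, the index line shows src/auth.c with mode 100755; a C source file should not carry the executable bit.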
-- 
2.4.3

