Bug 1472

Summary: Authentication options not cleared in privileged process
Product: Portable OpenSSH
Reporter: Colin Watson <cjwatson>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: normal
CC: dtucker
Priority: P2
Version: -current
Hardware: All
OS: Linux
URL: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/161047
Bug Depends on:
Bug Blocks: 1452
Attachments (Description / Flags):
call auth_clear_options in privileged process / none
clear key options in monitor on failed auth attempt / none

Description Colin Watson 2008-05-27 02:55:23 AEST
Created attachment 1509 [details]
call auth_clear_options in privileged process

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/161047 reports a problem with forced commands when used with public-key authentication but expecting password authentication also to work without the forced command. Briefly, it may be reproduced on a single machine as follows:

1) Move all but one of your keys out of the way in ~/.ssh so that the client won't find them.

2) Apply a forced command to this key in ~/.ssh/authorized_keys; command="echo hello" will do.

3) If you are running ssh-agent, remove all identities from it with 'ssh-add -D'.

4) Connect to localhost. When prompted for the public key passphrase, press Enter; then enter your normal password when prompted to do so. Observe that "hello" is printed and no shell is given.

I believe that the problem here is that, if authentication fails after calling auth_rsa_key_allowed or user_key_allowed in the privileged process, authentication options are only cleared in the monitor rather than in the privileged process. The obvious fix seems to be to clear them in both processes. This is implemented by the attached patch.

This is only reproducible if the last key offered by the client is the one with the forced command, since auth_parse_options calls auth_clear_options on entry and that's called in the privileged process.
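As an added illustration (not code from the report or from OpenSSH), the following Python model walks through the state leak described above: the key options applied in the privileged process during a failed public-key attempt survive into a later password authentication unless they are cleared on failure. The names auth_parse_options, auth_clear_options and user_key_allowed mirror the report, but their bodies are a simplification written for this example.

```python
# Constructed model of per-connection authentication state in sshd's
# privileged process. Only the command="..." key option is modelled.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class AuthState:
    forced_command: Optional[str] = None  # None means a normal shell
    authenticated: bool = False


def auth_clear_options(state: AuthState) -> None:
    """Forget key options so they cannot outlive the attempt they came with."""
    state.forced_command = None


def auth_parse_options(state: AuthState, options: str) -> None:
    """Parse an authorized_keys options string; clears old options on entry,
    as the report notes the real function does."""
    auth_clear_options(state)
    for opt in options.split(","):
        if opt.startswith('command="') and opt.endswith('"'):
            state.forced_command = opt[len('command="'):-1]


def user_key_allowed(state: AuthState, options: str) -> None:
    """The offered key matched a line in authorized_keys: its options are
    applied now, before any signature decides whether the attempt succeeds."""
    auth_parse_options(state, options)


def pubkey_attempt(state: AuthState, options: str, signature_ok: bool,
                   clear_on_failure: bool) -> None:
    user_key_allowed(state, options)
    if signature_ok:
        state.authenticated = True
    elif clear_on_failure:
        auth_clear_options(state)  # the fix: reset options when the attempt fails


def session_command(offered_keys: List[str], clear_on_failure: bool) -> Optional[str]:
    """Model the reproduction steps: every offered key fails (no usable
    signature), then password authentication succeeds. Returns the command
    the session would run, or None for a normal shell."""
    state = AuthState()
    for options in offered_keys:
        pubkey_attempt(state, options, signature_ok=False,
                       clear_on_failure=clear_on_failure)
    state.authenticated = True  # password accepted
    return state.forced_command
```

The third case in the test below reflects the last paragraph above: when a key without options is offered after the forced-command key, auth_parse_options clears the stale command on entry, so the bug only shows when the forced-command key is offered last.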
Comment 1 Darren Tucker 2008-06-13 07:43:54 AEST
Created attachment 1516 [details]
clear key options in monitor on failed auth attempt

The monitor already knows whether or not the authentication succeeds, so an extra monitor call seems unnecessary.  Does this patch also resolve the problem?
Comment 2 Darren Tucker 2008-06-13 23:57:52 AEST
Patch #1516 has been applied and will be in the next release.

Thanks.
Comment 3 Damien Miller 2008-07-22 12:24:51 AEST
Mass update RESOLVED->CLOSED after release of openssh-5.1