Bugzilla – Attachment 2897 Details for
Bug 2642
[sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
more clear pubkey_reset()
bz2642.diff (text/plain), 1.57 KB, created by
Damien Miller
on 2016-12-02 13:44:54 AEDT
(
hide
)
Description:
more clear pubkey_reset()
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2016-12-02 13:44:54 AEDT
Size:
1.57 KB
patch
obsolete
>diff --git a/sshconnect2.c b/sshconnect2.c >index 460948e..d02ac73 100644 >--- a/sshconnect2.c >+++ b/sshconnect2.c >@@ -309,6 +309,7 @@ void userauth(Authctxt *, char *); > > static int sign_and_send_pubkey(Authctxt *, Identity *); > static void pubkey_prepare(Authctxt *); >+static void pubkey_reset(Authctxt *); > static void pubkey_cleanup(Authctxt *); > static Key *load_identity_file(Identity *); > >@@ -551,9 +552,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) > > if (partial != 0) { > verbose("Authenticated with partial success."); >- /* reset state */ >- pubkey_cleanup(authctxt); >- pubkey_prepare(authctxt); >+ pubkey_reset(authctxt); > } > debug("Authentications that can continue: %s", authlist); > >@@ -1390,6 +1389,33 @@ pubkey_prepare(Authctxt *authctxt) > } > } > >+/* Reorder keys to try after partial authentication success */ >+static void >+pubkey_reset(Authctxt *authctxt) >+{ >+ Identity *id, *id2; >+ struct idlist tried, untried; >+ >+ TAILQ_INIT(&tried); >+ TAILQ_INIT(&untried); >+ >+ TAILQ_FOREACH_SAFE(id, &authctxt->keys, next, id2) { >+ struct idlist *which = id->tried ? &tried : &untried; >+ id->tried = 0; >+ TAILQ_REMOVE(&authctxt->keys, id, next); >+ TAILQ_INSERT_TAIL(which, id, next); >+ } >+ /* Prefer keys that have not already been tried */ >+ TAILQ_FOREACH_SAFE(id, &untried, next, id2) { >+ TAILQ_REMOVE(&tried, id, next); >+ TAILQ_INSERT_TAIL(&authctxt->keys, id, next); >+ } >+ TAILQ_FOREACH_SAFE(id, &tried, next, id2) { >+ TAILQ_REMOVE(&tried, id, next); >+ TAILQ_INSERT_TAIL(&authctxt->keys, id, next); >+ } >+} >+ > static void > pubkey_cleanup(Authctxt *authctxt) > {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2897">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2642
:
2895
|
2897
|
2898
|
2900