On Thu, Sep 22, 2016 at 09:51:11AM +1000, Darren Tucker wrote: > The client thinks the session is authenticated, though. I think > that's actually a bug in the OpenSSH client: ssh_userauth2() calls > ssh_dispatch_run() with DISPATCH_BLOCK blocking on authctxt.success. > It assumes that if it exits then it's authenticated. > > ssh_packet_read_poll_seqnr(), however, will return > SSH_ERR_DISCONNECTED in that case, which will cause ssh_dispatch_run() > to return. This should handle this case. diff --git a/sshconnect2.c b/sshconnect2.c index fae8b0f..ae77243 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -404,6 +404,8 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, pubkey_cleanup(&authctxt); ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); + if (!authctxt.success) + fatal("Authentication failed."); debug("Authentication succeeded (%s).", authctxt.method->name); } -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
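Review bot: the new `if (!authctxt.success)` check in ssh_userauth2() reports every exit from the dispatch loop without success as "Authentication failed.", including the case described above where the loop returns because ssh_packet_read_poll_seqnr() gave SSH_ERR_DISCONNECTED. The user is then told that authentication failed when the connection was in fact dropped, which makes the two cases hard to tell apart in logs and bug reports. Consider keeping the return value of the ssh_dispatch_run() call and including it in the fatal() message, or using a separate message for the disconnect case. A one-line comment above the check saying that the dispatch loop can exit without authctxt.success being set would also help, since the debug() line that follows reads as if success were the only way to get there.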