This is an automated email from the ASF dual-hosted git repository. lgoldstein pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit e00a5e662275bdf56f07ce0a9adb0f553b0dd3e7
Author: Lyor Goldstein <[email protected]>
AuthorDate: Tue Feb 12 12:18:47 2019 +0200

    [SSHD-894] Ignore subsequent authentication requests if one was successful - as per RFC4252 section 5.1
---
 .../sshd/server/session/ServerUserAuthService.java | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/sshd-core/src/main/java/org/apache/sshd/server/session/ServerUserAuthService.java b/sshd-core/src/main/java/org/apache/sshd/server/session/ServerUserAuthService.java
index 1e45bbd..c596cf7 100644
--- a/sshd-core/src/main/java/org/apache/sshd/server/session/ServerUserAuthService.java
+++ b/sshd-core/src/main/java/org/apache/sshd/server/session/ServerUserAuthService.java
@@ -154,6 +154,26 @@ public class ServerUserAuthService extends AbstractCloseable implements Service,
         ServerSession session = getServerSession();
         boolean debugEnabled = log.isDebugEnabled();
         if (cmd == SshConstants.SSH_MSG_USERAUTH_REQUEST) {
+            /*
+             * According to RFC4252 section 5.1:
+             *
+             *
+             *     When SSH_MSG_USERAUTH_SUCCESS has been sent, any
+             *     further authentication requests received after that
+             *     SHOULD be silently ignored.
+             */
+            if (session.isAuthenticated()) {
+                String username = buffer.getString();
+                String service = buffer.getString();
+                String method = buffer.getString();
+
+                if (debugEnabled) {
+                    log.debug("process({}) ignore user={}, service={}, method={} auth. request since session already authenticated",
+                        session, username, service, method);
+                }
+                return;
+            }
+
             if (WelcomeBannerPhase.FIRST_REQUEST.equals(getWelcomePhase())) {
                 sendWelcomeBanner(session);
             }
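Review bot: The three `buffer.getString()` reads in the new `session.isAuthenticated()` branch run unconditionally even though their only consumer is the debug log a few lines below, so the ignore path still parses every post-success USERAUTH_REQUEST. If an already-authenticated peer sends a request whose payload is shorter than three strings, those reads presumably fail on underflow (confirm against the Buffer implementation), and the request is then not "silently ignored" as the quoted RFC 4252 text intends but surfaces as an exception out of this branch. Moving the reads under the guard keeps the default path free of parsing: `if (debugEnabled) { String username = buffer.getString(); String service = buffer.getString(); String method = buffer.getString(); log.debug(...); }`, with the existing `return;` left after the block. The enclosing method starts and ends outside the hunk, and the `/* ... */` comment carries two consecutive empty `*` lines that look unintended.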
