Hi,

when calling ssh_userauth_list() after a successful partial authentication (e.g. public key) and another authentication method (e.g. password) is required next by the server, only the SSH_AUTH_METHOD_PASSWORD flag should be set. However, the SSH_AUTH_METHOD_PUBLICKEY flag is also set, even though it is not acceptable in the current state.

The auth_methods field in the session is reset after a failed authentication attempt, but not after a partial one. The attached patch changes it to be reset in both cases.

Regards,
Tilo
From f27b745b7417c0606807c5014eb4fbe0c0433f2e Mon Sep 17 00:00:00 2001 From: tilo <[email protected]> Date: Mon, 15 Jun 2015 13:12:23 +0200 Subject: [PATCH 1/1] available auth_methods must be reset on partial authentication --- src/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/auth.c b/src/auth.c index da8c4d9..77b99a7 100755 --- a/src/auth.c +++ b/src/auth.c @@ -209,8 +209,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){ "Access denied. Authentication that can continue: %s", auth_methods); - session->auth_methods = 0; } + session->auth_methods = 0; if (strstr(auth_methods, "password") != NULL) { session->auth_methods |= SSH_AUTH_METHOD_PASSWORD; } -- 2.4.3
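Review bot: the relocated `session->auth_methods = 0;` in ssh_packet_userauth_failure now sits bare between the closing brace of the preceding block and the `strstr` checks, with nothing telling a later reader that the reset is meant to run on partial success as well as on failure. Add a one-line comment above it saying the mask is rebuilt from the server's "can continue" list in both cases, so it is not moved back into the failure branch during a cleanup. The commit message consists of the subject line only; it should carry the explanation from the covering mail (a stale SSH_AUTH_METHOD_PUBLICKEY flag reported by ssh_userauth_list() after a partial public key authentication). A regression test that completes a partial authentication and checks that ssh_userauth_list() returns only the methods the server still accepts would pin the behaviour. The index line also shows src/auth.c at mode 100755; check that the executable bit on a C source file is intended.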
