diff options
| author | Michael Gmelin <mg@grem.de> | 2018-01-18 01:28:19 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2018-01-18 17:08:13 +0100 |
| commit | ddafd45af12a128a99bfe4d35c58809e22d75c52 (patch) | |
| tree | 0c77cbbccc3dc3594a667c541a5026d4b43c0b9f | |
| parent | 9e4ad1e2af22f00eeca533b745b67956f57319cb (diff) | |
| download | curl-ddafd45af12a128a99bfe4d35c58809e22d75c52.tar.gz | |
SSH: Fix state machine for ssh-agent authentication
In case an identity didn't match[0], the state machine would fail in
state SSH_AUTH_AGENT instead of progressing to the next identity in
ssh-agent. As a result, ssh-agent authentication only worked if the
identity required happened to be the first added to ssh-agent.
This was introduced as part of commit c4eb10e2f06fbd6cc904f1d78e4, which
stated that the "else" statement was required to prevent getting stuck
in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's
interface I couldn't see how this could happen or reproduce it and I
also couldn't find a more detailed description of the problem which
would explain a test case to reproduce the problem this was supposed to
fix.
[0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED
Closes #2248
| -rw-r--r-- | lib/ssh.c | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -955,11 +955,11 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) sshc->sshagent_identity); if(rc < 0) { - if(rc != LIBSSH2_ERROR_EAGAIN) + if(rc != LIBSSH2_ERROR_EAGAIN) { /* tried and failed? go to next identity */ sshc->sshagent_prev_identity = sshc->sshagent_identity; - else - break; + } + break; } } |