clear auth options unless auth sucessfull

3 files changed, 9 insertions, 2 deletions

diff --git a/usr.bin/ssh/auth-options.h b/usr.bin/ssh/auth-options.h
index 9044d98bea8..02ac5df1d1e 100644
--- a/usr.bin/ssh/auth-options.h
+++ b/usr.bin/ssh/auth-options.h
@@ -22,4 +22,7 @@ extern struct envstring *custom_environment;
 
 /* return 1 if access is granted, 0 if not. side effect: sets key option flags */
 int	auth_parse_options(struct passwd *pw, char *options, unsigned long linenum);
+/* reset options flags */
+void	auth_clear_options(void);
+
 #endif
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index 8b9d8ba47ad..522f01f84cb 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.30 2000/10/03 18:03:03 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.31 2000/10/11 19:59:52 markus Exp $");
 
 #include "rsa.h"
 #include "packet.h"
@@ -284,6 +284,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 
 	if (authenticated)
 		packet_send_debug("RSA authentication accepted.");
+	else
+		auth_clear_options();
 
 	/* Return authentication result. */
 	return authenticated;
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 765b48a760c..7006bfeab06 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.16 2000/09/27 21:41:34 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.17 2000/10/11 19:59:52 markus Exp $");
 
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
@@ -319,6 +319,8 @@ ssh2_auth_pubkey(struct passwd *pw, char *service)
 				authenticated = -1;
 			}
 		}
+		if (authenticated != 1)
+			auth_clear_options();
 		key_free(key);
 	}
 	xfree(pkalg);