From ddafd45af12a128a99bfe4d35c58809e22d75c52 Mon Sep 17 00:00:00 2001 From: Michael Gmelin Date: Thu, 18 Jan 2018 01:28:19 +0100 Subject: [PATCH] SSH: Fix state machine for ssh-agent authentication In case an identity didn't match[0], the state machine would fail in state SSH_AUTH_AGENT instead of progressing to the next identity in ssh-agent. As a result, ssh-agent authentication only worked if the identity required happened to be the first added to ssh-agent. This was introduced as part of commit c4eb10e2f06fbd6cc904f1d78e4, which stated that the "else" statement was required to prevent getting stuck in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's interface I couldn't see how this could happen or reproduce it and I also couldn't find a more detailed description of the problem which would explain a test case to reproduce the problem this was supposed to fix. [0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED Closes #2248 --- lib/ssh.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/ssh.c b/lib/ssh.c index 6516c5d37..a86ed706e 100644 --- a/lib/ssh.c +++ b/lib/ssh.c @@ -955,11 +955,11 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) sshc->sshagent_identity); if(rc < 0) { - if(rc != LIBSSH2_ERROR_EAGAIN) + if(rc != LIBSSH2_ERROR_EAGAIN) { /* tried and failed? go to next identity */ sshc->sshagent_prev_identity = sshc->sshagent_identity; - else - break; + } + break; } }