Import openssh_6.9p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2015-08-19 17:00:17 +0100
committer: Colin Watson <cjwatson@debian.org> 2015-08-19 17:00:17 +0100
commit: 544df7a04ae5b5c1fc30be7c445ad685d7a02dc9 (patch)
tree: 33d2a87dd50fe5894ac6ec4579c83401b7ab00a4 /monitor.c
parent: baccdb349b31c47cd76fb63211f754ed33a9707e (diff)
parent: 7de4b03a6e4071d454b72927ffaf52949fa34545 (diff)
1 files changed, 13 insertions, 9 deletions
diff --git a/monitor.c b/monitor.c
index bab6ce87e..b4109657e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.145 2015/02/20 22:17:21 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.150 2015/06/22 23:42:16 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -404,7 +404,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
                if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
                        auth_log(authctxt, authenticated, partial,
                            auth_method, auth_submethod);
-                        if (!authenticated)
+                        if (!partial && !authenticated)
                                authctxt->failures++;
                }
        }
@@ -1185,7 +1185,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
        Key *key;
        char *cuser, *chost;
        u_char *blob;
-        u_int bloblen;
+        u_int bloblen, pubkey_auth_attempt;
        enum mm_keytype type = 0;
        int allowed = 0;
@@ -1195,6 +1195,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
        cuser = buffer_get_string(m, NULL);
        chost = buffer_get_string(m, NULL);
        blob = buffer_get_string(m, &bloblen);
+        pubkey_auth_attempt = buffer_get_int(m);
        key = key_from_blob(blob, bloblen);
@@ -1215,19 +1216,19 @@ mm_answer_keyallowed(int sock, Buffer *m)
                        allowed = options.pubkey_authentication &&
                            !auth2_userkey_already_used(authctxt, key) &&
                            match_pattern_list(sshkey_ssh_name(key),
-                            options.pubkey_key_types,
+                            options.pubkey_key_types, 0) == 1 &&
-                            strlen(options.pubkey_key_types), 0) == 1 &&
+                            user_key_allowed(authctxt->pw, key,
-                            user_key_allowed(authctxt->pw, key);
+                            pubkey_auth_attempt);
                        pubkey_auth_info(authctxt, key, NULL);
                        auth_method = "publickey";
-                        if (options.pubkey_authentication && allowed != 1)
+                        if (options.pubkey_authentication &&
+                            (!pubkey_auth_attempt || allowed != 1))
                                auth_clear_options();
                        break;
                case MM_HOSTKEY:
                        allowed = options.hostbased_authentication &&
                            match_pattern_list(sshkey_ssh_name(key),
-                            options.hostbased_key_types,
+                            options.hostbased_key_types, 0) == 1 &&
-                            strlen(options.hostbased_key_types), 0) == 1 &&
                            hostbased_key_allowed(authctxt->pw,
                            cuser, chost, key);
                        pubkey_auth_info(authctxt, key,
@@ -1474,6 +1475,9 @@ mm_record_login(Session *s, struct passwd *pw)
        socklen_t fromlen;
        struct sockaddr_storage from;
+        if (options.use_login)
+                return;
        /*
         * Get IP address of client. If the connection is not a socket, let
         * the address be 0.0.0.0.
author	Colin Watson <cjwatson@debian.org>	2015-08-19 17:00:17 +0100
committer	Colin Watson <cjwatson@debian.org>	2015-08-19 17:00:17 +0100
commit	544df7a04ae5b5c1fc30be7c445ad685d7a02dc9 (patch)
tree	33d2a87dd50fe5894ac6ec4579c83401b7ab00a4 /monitor.c
parent	baccdb349b31c47cd76fb63211f754ed33a9707e (diff)
parent	7de4b03a6e4071d454b72927ffaf52949fa34545 (diff)