1 files changed, 0 insertions, 120 deletions
diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
deleted file mode 100644
index ba7642d83..000000000
--- a/debian/patches/auth-log-verbosity.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 50e9edb57b6808cbbf63fe3433febb103baac1e8 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Sun, 9 Feb 2014 16:10:02 +0000
-Subject: Quieten logs when multiple from= restrictions are used
-Bug-Debian: http://bugs.debian.org/630606
-Forwarded: no
-Last-Update: 2017-10-04
-Patch-Name: auth-log-verbosity.patch
---
- auth-options.c | 35 ++++++++++++++++++++++++++---------
- auth-options.h |  1 +
- auth2-pubkey.c |  3 +++
- 3 files changed, 30 insertions(+), 9 deletions(-)
-diff --git a/auth-options.c b/auth-options.c
-index bed00eef..ccdd0b20 100644
--- a/auth-options.c
-+++ b/auth-options.c
-@@ -59,10 +59,21 @@ int forced_tun_device = -1;
- /* "principals=" option. */
- char *authorized_principals = NULL;
- 
-+/* Throttle log messages. */
-+int logged_from_hostip = 0;
-+int logged_cert_hostip = 0;
-+
- extern ServerOptions options;
- 
- /* XXX refactor to be stateless */
- 
-+void
-+auth_start_parse_options(void)
-+{
-+       logged_from_hostip = 0;
-+       logged_cert_hostip = 0;
-+}
-+
- void
- auth_clear_options(void)
- {
-@@ -322,10 +333,13 @@ auth_parse_options(struct passwd *pw, char *opts, const char *file,
-                                /* FALLTHROUGH */
-                        case 0:
-                                free(patterns);
-                               logit("Authentication tried for %.100s with "
-                                   "correct key but not from a permitted "
-                                   "host (host=%.200s, ip=%.200s).",
-                                   pw->pw_name, remote_host, remote_ip);
-+                               if (!logged_from_hostip) {
-+                                       logit("Authentication tried for %.100s with "
-+                                           "correct key but not from a permitted "
-+                                           "host (host=%.200s, ip=%.200s).",
-+                                           pw->pw_name, remote_host, remote_ip);
-+                                       logged_from_hostip = 1;
-+                               }
-                                auth_debug_add("Your host '%.200s' is not "
-                                    "permitted to use this key for login.",
-                                    remote_host);
-@@ -549,11 +563,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
-                                        break;
-                                case 0:
-                                        /* no match */
-                                       logit("Authentication tried for %.100s "
-                                           "with valid certificate but not "
-                                           "from a permitted host "
-                                           "(ip=%.200s).", pw->pw_name,
-                                           remote_ip);
-+                                       if (!logged_cert_hostip) {
-+                                               logit("Authentication tried for %.100s "
-+                                                   "with valid certificate but not "
-+                                                   "from a permitted host "
-+                                                   "(ip=%.200s).", pw->pw_name,
-+                                                   remote_ip);
-+                                               logged_cert_hostip = 1;
-+                                       }
-                                        auth_debug_add("Your address '%.200s' "
-                                            "is not permitted to use this "
-                                            "certificate for login.",
-diff --git a/auth-options.h b/auth-options.h
-index 547f0163..4de0f14d 100644
--- a/auth-options.h
-+++ b/auth-options.h
-@@ -33,6 +33,7 @@ extern int forced_tun_device;
- extern int key_is_cert_authority;
- extern char *authorized_principals;
- 
-+void   auth_start_parse_options(void);
- int    auth_parse_options(struct passwd *, char *, const char *, u_long);
- void   auth_clear_options(void);
- int    auth_cert_options(struct sshkey *, struct passwd *, const char **);
-diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 169839b0..43f880b6 100644
--- a/auth2-pubkey.c
-+++ b/auth2-pubkey.c
-@@ -269,6 +269,7 @@ process_principals(FILE *f, const char *file, struct passwd *pw,
-        u_long linenum = 0;
-        u_int i, found_principal = 0;
- 
-+       auth_start_parse_options();
-        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
-                /* Always consume entire input */
-                if (found_principal)
-@@ -471,6 +472,7 @@ check_authkeys_file(FILE *f, char *file, struct sshkey *key, struct passwd *pw)
-        u_long linenum = 0;
-        struct sshkey *found = NULL;
- 
-+       auth_start_parse_options();
-        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
-                char *cp, *key_options = NULL, *fp = NULL;
-                const char *reason = NULL;
-@@ -624,6 +626,7 @@ user_cert_trusted_ca(struct passwd *pw, struct sshkey *key)
-        if (sshkey_cert_check_authority(key, 0, 1,
-            use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
-                goto fail_reason;
-+       auth_start_parse_options();
-        if (auth_cert_options(key, pw, &reason) != 0)
-                goto fail_reason;
-

diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch deleted file mode 100644 index ba7642d83..000000000 --- a/debian/patches/auth-log-verbosity.patch +++ /dev/null
@@ -1,120 +0,0 @@
1	From 50e9edb57b6808cbbf63fe3433febb103baac1e8 Mon Sep 17 00:00:00 2001
2	From: Colin Watson <cjwatson@debian.org>
3	Date: Sun, 9 Feb 2014 16:10:02 +0000
4	Subject: Quieten logs when multiple from= restrictions are used
5
6	Bug-Debian: http://bugs.debian.org/630606
7	Forwarded: no
8	Last-Update: 2017-10-04
9
10	Patch-Name: auth-log-verbosity.patch
11	---
12	auth-options.c \| 35 ++++++++++++++++++++++++++---------
13	auth-options.h \| 1 +
14	auth2-pubkey.c \| 3 +++
15	3 files changed, 30 insertions(+), 9 deletions(-)
16
17	diff --git a/auth-options.c b/auth-options.c
18	index bed00eef..ccdd0b20 100644
19	--- a/auth-options.c
20	+++ b/auth-options.c
21	@@ -59,10 +59,21 @@ int forced_tun_device = -1;
22	/* "principals=" option. */
23	char *authorized_principals = NULL;
24
25	+/* Throttle log messages. */
26	+int logged_from_hostip = 0;
27	+int logged_cert_hostip = 0;
28	+
29	extern ServerOptions options;
30
31	/* XXX refactor to be stateless */
32
33	+void
34	+auth_start_parse_options(void)
35	+{
36	+ logged_from_hostip = 0;
37	+ logged_cert_hostip = 0;
38	+}
39	+
40	void
41	auth_clear_options(void)
42	{
43	@@ -322,10 +333,13 @@ auth_parse_options(struct passwd pw, char opts, const char *file,
44	/* FALLTHROUGH */
45	case 0:
46	free(patterns);
47	- logit("Authentication tried for %.100s with "
48	- "correct key but not from a permitted "
49	- "host (host=%.200s, ip=%.200s).",
50	- pw->pw_name, remote_host, remote_ip);
51	+ if (!logged_from_hostip) {
52	+ logit("Authentication tried for %.100s with "
53	+ "correct key but not from a permitted "
54	+ "host (host=%.200s, ip=%.200s).",
55	+ pw->pw_name, remote_host, remote_ip);
56	+ logged_from_hostip = 1;
57	+ }
58	auth_debug_add("Your host '%.200s' is not "
59	"permitted to use this key for login.",
60	remote_host);
61	@@ -549,11 +563,14 @@ parse_option_list(struct sshbuf oblob, struct passwd pw,
62	break;
63	case 0:
64	/* no match */
65	- logit("Authentication tried for %.100s "
66	- "with valid certificate but not "
67	- "from a permitted host "
68	- "(ip=%.200s).", pw->pw_name,
69	- remote_ip);
70	+ if (!logged_cert_hostip) {
71	+ logit("Authentication tried for %.100s "
72	+ "with valid certificate but not "
73	+ "from a permitted host "
74	+ "(ip=%.200s).", pw->pw_name,
75	+ remote_ip);
76	+ logged_cert_hostip = 1;
77	+ }
78	auth_debug_add("Your address '%.200s' "
79	"is not permitted to use this "
80	"certificate for login.",
81	diff --git a/auth-options.h b/auth-options.h
82	index 547f0163..4de0f14d 100644
83	--- a/auth-options.h
84	+++ b/auth-options.h
85	@@ -33,6 +33,7 @@ extern int forced_tun_device;
86	extern int key_is_cert_authority;
87	extern char *authorized_principals;
88
89	+void auth_start_parse_options(void);
90	int auth_parse_options(struct passwd , char , const char *, u_long);
91	void auth_clear_options(void);
92	int auth_cert_options(struct sshkey , struct passwd , const char **);
93	diff --git a/auth2-pubkey.c b/auth2-pubkey.c
94	index 169839b0..43f880b6 100644
95	--- a/auth2-pubkey.c
96	+++ b/auth2-pubkey.c
97	@@ -269,6 +269,7 @@ process_principals(FILE f, const char file, struct passwd *pw,
98	u_long linenum = 0;
99	u_int i, found_principal = 0;
100
101	+ auth_start_parse_options();
102	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
103	/* Always consume entire input */
104	if (found_principal)
105	@@ -471,6 +472,7 @@ check_authkeys_file(FILE f, char file, struct sshkey key, struct passwd pw)
106	u_long linenum = 0;
107	struct sshkey *found = NULL;
108
109	+ auth_start_parse_options();
110	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
111	char cp, key_options = NULL, *fp = NULL;
112	const char *reason = NULL;
113	@@ -624,6 +626,7 @@ user_cert_trusted_ca(struct passwd pw, struct sshkey key)
114	if (sshkey_cert_check_authority(key, 0, 1,
115	use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
116	goto fail_reason;
117	+ auth_start_parse_options();
118	if (auth_cert_options(key, pw, &reason) != 0)
119	goto fail_reason;
120