diff --git a/openssh-5.9p1-audit4.patch b/openssh-5.9p1-audit4.patch index 88dd403..1ae1e71 100644 --- a/openssh-5.9p1-audit4.patch +++ b/openssh-5.9p1-audit4.patch @@ -1,6 +1,6 @@ diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c ---- openssh-5.9p1/audit-bsm.c.audit4 2012-02-06 17:15:01.574908126 +0100 -+++ openssh-5.9p1/audit-bsm.c 2012-02-06 17:15:21.656095559 +0100 +--- openssh-5.9p1/audit-bsm.c.audit4 2012-07-27 14:27:56.149474798 +0200 ++++ openssh-5.9p1/audit-bsm.c 2012-07-27 14:27:56.164474882 +0200 @@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char { /* not implemented */ @@ -13,8 +13,8 @@ diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c ---- openssh-5.9p1/audit.c.audit4 2012-02-06 17:15:01.576787216 +0100 -+++ openssh-5.9p1/audit.c 2012-02-06 17:15:21.690032906 +0100 +--- openssh-5.9p1/audit.c.audit4 2012-07-27 14:27:56.150474804 +0200 ++++ openssh-5.9p1/audit.c 2012-07-27 14:27:56.165474888 +0200 @@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); } @@ -45,8 +45,8 @@ diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h ---- openssh-5.9p1/audit.h.audit4 2012-02-06 17:15:01.576787216 +0100 -+++ openssh-5.9p1/audit.h 2012-02-06 17:15:21.690876254 +0100 +--- openssh-5.9p1/audit.h.audit4 2012-07-27 14:27:56.151474810 +0200 ++++ openssh-5.9p1/audit.h 2012-07-27 14:27:56.165474888 +0200 @@ -62,5 +62,7 @@ void audit_unsupported(int); void audit_kex(int, char *, char *, char *); void audit_unsupported_body(int); @@ -56,8 +56,8 @@ diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c ---- openssh-5.9p1/audit-linux.c.audit4 2012-02-06 17:15:01.575908525 +0100 -+++ openssh-5.9p1/audit-linux.c 2012-02-06 17:15:21.682001323 +0100 +--- openssh-5.9p1/audit-linux.c.audit4 2012-07-27 14:27:56.149474798 +0200 ++++ openssh-5.9p1/audit-linux.c 2012-07-27 14:27:56.166474894 +0200 @@ -294,6 +294,8 @@ audit_unsupported_body(int what) #endif } @@ -109,8 +109,8 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c ---- openssh-5.9p1/auditstub.c.audit4 2012-02-06 17:15:01.576787216 +0100 -+++ openssh-5.9p1/auditstub.c 2012-02-06 17:15:21.690876254 +0100 +--- openssh-5.9p1/auditstub.c.audit4 2012-07-27 14:27:56.151474810 +0200 ++++ openssh-5.9p1/auditstub.c 2012-07-27 14:27:56.166474894 +0200 @@ -27,6 +27,8 @@ * Red Hat author: Jan F. Chadima */ @@ -134,8 +134,8 @@ diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c +{ +} diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c ---- openssh-5.9p1/kex.c.audit4 2012-02-06 17:15:01.578907640 +0100 -+++ openssh-5.9p1/kex.c 2012-02-06 17:15:21.691785656 +0100 +--- openssh-5.9p1/kex.c.audit4 2012-07-27 14:27:56.153474822 +0200 ++++ openssh-5.9p1/kex.c 2012-07-27 14:27:56.167474900 +0200 @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i fprintf(stderr, "\n"); } @@ -173,7 +173,7 @@ diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c + diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h --- openssh-5.9p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.9p1/kex.h 2012-02-06 17:15:21.691785656 +0100 ++++ openssh-5.9p1/kex.h 2012-07-27 14:27:56.168474905 +0200 @@ -156,6 +156,8 @@ void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); @@ -185,7 +185,7 @@ diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c --- openssh-5.9p1/mac.c.audit4 2011-08-17 02:29:03.000000000 +0200 -+++ openssh-5.9p1/mac.c 2012-02-06 17:15:21.692918961 +0100 ++++ openssh-5.9p1/mac.c 2012-07-27 14:27:56.168474905 +0200 @@ -168,6 +168,20 @@ mac_clear(Mac *mac) mac->umac_ctx = NULL; } @@ -209,16 +209,16 @@ diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c int diff -up openssh-5.9p1/mac.h.audit4 openssh-5.9p1/mac.h --- openssh-5.9p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 -+++ openssh-5.9p1/mac.h 2012-02-06 17:15:21.692918961 +0100 ++++ openssh-5.9p1/mac.h 2012-07-27 14:27:56.169474910 +0200 @@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); void mac_clear(Mac *); +void mac_destroy(Mac *); diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c ---- openssh-5.9p1/monitor.c.audit4 2012-02-06 17:15:01.579896475 +0100 -+++ openssh-5.9p1/monitor.c 2012-02-06 17:16:32.405783810 +0100 -@@ -189,6 +189,7 @@ int mm_answer_audit_command(int, Buffer +--- openssh-5.9p1/monitor.c.audit4 2012-07-27 14:27:56.154474827 +0200 ++++ openssh-5.9p1/monitor.c 2012-07-27 14:31:20.311655098 +0200 +@@ -189,6 +189,7 @@ int mm_answer_audit_command(int, Buffer int mm_answer_audit_end_command(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *); @@ -226,7 +226,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c #endif static int monitor_read_log(struct monitor *); -@@ -242,6 +243,7 @@ struct mon_table mon_dispatch_proto20[] +@@ -242,6 +243,7 @@ struct mon_table mon_dispatch_proto20[] {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, @@ -242,7 +242,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c #endif {0, 0, NULL} }; -@@ -314,6 +317,7 @@ struct mon_table mon_dispatch_proto15[] +@@ -314,6 +317,7 @@ struct mon_table mon_dispatch_proto15[] {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, @@ -258,8 +258,8 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c #endif {0, 0, NULL} }; -@@ -451,10 +456,6 @@ monitor_child_preauth(Authctxt *_authctx - #endif +@@ -449,10 +454,6 @@ monitor_child_preauth(Authctxt *_authctx + authenticated = 0; } - /* Drain any buffered messages from the child */ @@ -269,7 +269,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c if (!authctxt->valid) fatal("%s: authenticated invalid user", __func__); if (strcmp(auth_method, "unknown") == 0) -@@ -1954,11 +1955,13 @@ mm_get_keystate(struct monitor *pmonitor +@@ -1952,11 +1953,13 @@ mm_get_keystate(struct monitor *pmonitor blob = buffer_get_string(&m, &bloblen); current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); @@ -283,7 +283,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c xfree(blob); /* Now get sequence numbers for the packets */ -@@ -2004,6 +2007,21 @@ mm_get_keystate(struct monitor *pmonitor +@@ -2002,6 +2005,21 @@ mm_get_keystate(struct monitor *pmonitor } buffer_free(&m); @@ -305,7 +305,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c } -@@ -2450,4 +2468,22 @@ mm_answer_audit_kex_body(int sock, Buffe +@@ -2448,4 +2466,22 @@ mm_answer_audit_kex_body(int sock, Buffe return 0; } @@ -329,8 +329,8 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h ---- openssh-5.9p1/monitor.h.audit4 2012-02-06 17:15:01.580908188 +0100 -+++ openssh-5.9p1/monitor.h 2012-02-06 17:15:21.695033617 +0100 +--- openssh-5.9p1/monitor.h.audit4 2012-07-27 14:27:56.155474832 +0200 ++++ openssh-5.9p1/monitor.h 2012-07-27 14:27:56.171474920 +0200 @@ -63,6 +63,7 @@ enum monitor_reqtype { MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, @@ -340,8 +340,8 @@ diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c ---- openssh-5.9p1/monitor_wrap.c.audit4 2012-02-06 17:15:01.581802928 +0100 -+++ openssh-5.9p1/monitor_wrap.c 2012-02-06 17:15:21.696033353 +0100 +--- openssh-5.9p1/monitor_wrap.c.audit4 2012-07-27 14:27:56.156474837 +0200 ++++ openssh-5.9p1/monitor_wrap.c 2012-07-27 14:27:56.172474926 +0200 @@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor fatal("%s: conversion of newkeys failed", __func__); @@ -378,8 +378,8 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h ---- openssh-5.9p1/monitor_wrap.h.audit4 2012-02-06 17:15:01.582908343 +0100 -+++ openssh-5.9p1/monitor_wrap.h 2012-02-06 17:15:21.696033353 +0100 +--- openssh-5.9p1/monitor_wrap.h.audit4 2012-07-27 14:27:56.157474843 +0200 ++++ openssh-5.9p1/monitor_wrap.h 2012-07-27 14:27:56.173474932 +0200 @@ -79,6 +79,7 @@ int mm_audit_run_command(const char *); void mm_audit_end_command(int, const char *); void mm_audit_unsupported_body(int); @@ -389,8 +389,8 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h struct Session; diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c ---- openssh-5.9p1/packet.c.audit4 2012-02-06 17:15:01.545908387 +0100 -+++ openssh-5.9p1/packet.c 2012-02-06 17:15:21.696886524 +0100 +--- openssh-5.9p1/packet.c.audit4 2012-07-27 14:27:56.099474520 +0200 ++++ openssh-5.9p1/packet.c 2012-07-27 14:27:56.174474938 +0200 @@ -60,6 +60,7 @@ #include @@ -584,7 +584,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c + diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h --- openssh-5.9p1/packet.h.audit4 2011-05-15 00:43:13.000000000 +0200 -+++ openssh-5.9p1/packet.h 2012-02-06 17:15:21.697874825 +0100 ++++ openssh-5.9p1/packet.h 2012-07-27 14:27:56.175474944 +0200 @@ -124,4 +124,5 @@ void packet_restore_state(void); void *packet_get_input(void); void *packet_get_output(void); @@ -592,8 +592,8 @@ diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h +void packet_destroy_all(int, int); #endif /* PACKET_H */ diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c ---- openssh-5.9p1/session.c.audit4 2012-02-06 17:15:01.562908533 +0100 -+++ openssh-5.9p1/session.c 2012-02-06 17:15:21.697874825 +0100 +--- openssh-5.9p1/session.c.audit4 2012-07-27 14:27:56.130474693 +0200 ++++ openssh-5.9p1/session.c 2012-07-27 14:27:56.176474950 +0200 @@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command /* remove hostkey from the child's memory */ @@ -605,8 +605,8 @@ diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c /* Force a password change */ if (s->authctxt->force_pwchange) { diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c ---- openssh-5.9p1/sshd.c.audit4 2012-02-06 17:15:01.583866459 +0100 -+++ openssh-5.9p1/sshd.c 2012-02-06 17:15:21.699033720 +0100 +--- openssh-5.9p1/sshd.c.audit4 2012-07-27 14:27:56.159474855 +0200 ++++ openssh-5.9p1/sshd.c 2012-07-27 14:27:56.178474961 +0200 @@ -686,6 +686,8 @@ privsep_preauth(Authctxt *authctxt) } } diff --git a/openssh-5.9p1-required-authentications.patch b/openssh-5.9p1-required-authentications.patch index 491069a..cecbffc 100644 --- a/openssh-5.9p1-required-authentications.patch +++ b/openssh-5.9p1-required-authentications.patch @@ -1,6 +1,6 @@ diff -up openssh-5.9p1/auth.c.required-authentication openssh-5.9p1/auth.c ---- openssh-5.9p1/auth.c.required-authentication 2012-03-30 18:37:59.990184619 +0200 -+++ openssh-5.9p1/auth.c 2012-03-30 18:38:00.003189876 +0200 +--- openssh-5.9p1/auth.c.required-authentication 2012-07-27 12:21:41.181601972 +0200 ++++ openssh-5.9p1/auth.c 2012-07-27 12:21:41.203602020 +0200 @@ -251,7 +251,8 @@ allowed_user(struct passwd * pw) } @@ -92,7 +92,7 @@ diff -up openssh-5.9p1/auth.c.required-authentication openssh-5.9p1/auth.c +} diff -up openssh-5.9p1/auth.h.required-authentication openssh-5.9p1/auth.h --- openssh-5.9p1/auth.h.required-authentication 2011-05-29 13:39:38.000000000 +0200 -+++ openssh-5.9p1/auth.h 2012-03-30 18:38:00.003189876 +0200 ++++ openssh-5.9p1/auth.h 2012-07-27 12:21:41.204602022 +0200 @@ -142,10 +142,11 @@ void disable_forwarding(void); void do_authentication(Authctxt *); void do_authentication2(Authctxt *); @@ -122,8 +122,8 @@ diff -up openssh-5.9p1/auth.h.required-authentication openssh-5.9p1/auth.h diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c --- openssh-5.9p1/auth1.c.required-authentication 2010-08-31 14:36:39.000000000 +0200 -+++ openssh-5.9p1/auth1.c 2012-03-30 18:38:00.004189905 +0200 -@@ -98,6 +98,54 @@ static const struct AuthMethod1 ++++ openssh-5.9p1/auth1.c 2012-07-27 12:50:50.708706675 +0200 +@@ -98,6 +98,55 @@ static const struct AuthMethod1 return (NULL); } @@ -160,6 +160,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c + debug("auth1_check_required: unknown method " + "\"%s\"", cp); + ret = -1; ++ break; + } + if (*(m->enabled) == 0) { + debug("auth1_check_required: method %s explicitly " @@ -178,7 +179,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c static char * get_authname(int type) { -@@ -237,6 +285,7 @@ do_authloop(Authctxt *authctxt) +@@ -237,6 +286,7 @@ do_authloop(Authctxt *authctxt) { int authenticated = 0; char info[1024]; @@ -186,7 +187,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c int prev = 0, type = 0; const struct AuthMethod1 *meth; -@@ -244,7 +293,7 @@ do_authloop(Authctxt *authctxt) +@@ -244,7 +294,7 @@ do_authloop(Authctxt *authctxt) authctxt->valid ? "" : "invalid user ", authctxt->user); /* If the user has no password, accept authentication immediately. */ @@ -195,7 +196,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c #ifdef KRB5 (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif -@@ -253,7 +302,7 @@ do_authloop(Authctxt *authctxt) +@@ -253,7 +303,7 @@ do_authloop(Authctxt *authctxt) if (options.use_pam && (PRIVSEP(do_pam_account()))) #endif { @@ -204,7 +205,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c return; } } -@@ -272,6 +321,7 @@ do_authloop(Authctxt *authctxt) +@@ -272,6 +322,7 @@ do_authloop(Authctxt *authctxt) /* Get a packet from the client. */ prev = type; type = packet_read(); @@ -212,7 +213,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c /* * If we started challenge-response authentication but the -@@ -287,8 +337,8 @@ do_authloop(Authctxt *authctxt) +@@ -287,8 +338,8 @@ do_authloop(Authctxt *authctxt) if (authctxt->failures >= options.max_authtries) goto skip; if ((meth = lookup_authmethod1(type)) == NULL) { @@ -223,7 +224,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c goto skip; } -@@ -297,6 +347,17 @@ do_authloop(Authctxt *authctxt) +@@ -297,6 +348,17 @@ do_authloop(Authctxt *authctxt) goto skip; } @@ -241,7 +242,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c authenticated = meth->method(authctxt, info, sizeof(info)); if (authenticated == -1) continue; /* "postponed" */ -@@ -352,7 +413,29 @@ do_authloop(Authctxt *authctxt) +@@ -352,7 +414,29 @@ do_authloop(Authctxt *authctxt) skip: /* Log before sending the reply */ @@ -251,7 +252,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c + /* Loop until the required authmethods are done */ + if (authenticated && options.required_auth1 != NULL) { + if (auth_remove_from_list(&options.required_auth1, -+ meth_name) != 1) ++ meth_name) == 0) + fatal("INTERNAL ERROR: authenticated method " + "\"%s\" not in required list \"%s\"", + meth_name, options.required_auth1); @@ -272,7 +273,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c if (client_user != NULL) { xfree(client_user); -@@ -368,6 +451,7 @@ do_authloop(Authctxt *authctxt) +@@ -368,6 +452,7 @@ do_authloop(Authctxt *authctxt) #endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } @@ -282,7 +283,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c packet_send(); diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c --- openssh-5.9p1/auth2.c.required-authentication 2011-05-05 06:04:11.000000000 +0200 -+++ openssh-5.9p1/auth2.c 2012-03-30 18:38:04.560122485 +0200 ++++ openssh-5.9p1/auth2.c 2012-07-27 12:51:59.048241612 +0200 @@ -215,7 +215,7 @@ input_userauth_request(int type, u_int32 { Authctxt *authctxt = ctxt; @@ -331,7 +332,7 @@ diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c if (!authctxt->valid && authenticated) fatal("INTERNAL ERROR: authenticated invalid user %s", -@@ -330,12 +339,42 @@ userauth_finish(Authctxt *authctxt, int +@@ -330,12 +339,42 @@ userauth_finish(Authctxt *authctxt, int #endif /* _UNICOS */ /* Log before sending the reply */ @@ -347,7 +348,7 @@ diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c + if ((m = authmethod_lookup(method)) == NULL) + fatal("INTERNAL ERROR: authenticated method " + "\"%s\" unknown", method); -+ if (auth_remove_from_list(&options.required_auth2, method) != 1) ++ if (auth_remove_from_list(&options.required_auth2, method) == 0) + fatal("INTERNAL ERROR: authenticated method " + "\"%s\" not in required list \"%s\"", + method, options.required_auth2); @@ -376,7 +377,7 @@ diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c if (authenticated == 1) { /* turn off userauth */ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); -@@ -345,7 +384,6 @@ userauth_finish(Authctxt *authctxt, int +@@ -345,7 +384,6 @@ userauth_finish(Authctxt *authctxt, int /* now we can break out */ authctxt->success = 1; } else { @@ -384,7 +385,7 @@ diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c /* Allow initial try of "none" auth without failure penalty */ if (!authctxt->server_caused_failure && (authctxt->attempt > 1 || strcmp(method, "none") != 0)) -@@ -356,10 +394,11 @@ userauth_finish(Authctxt *authctxt, int +@@ -356,10 +394,11 @@ userauth_finish(Authctxt *authctxt, int #endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } @@ -453,7 +454,7 @@ diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c + diff -up openssh-5.9p1/auth2-gss.c.required-authentication openssh-5.9p1/auth2-gss.c --- openssh-5.9p1/auth2-gss.c.required-authentication 2011-05-05 06:04:11.000000000 +0200 -+++ openssh-5.9p1/auth2-gss.c 2012-03-30 18:38:00.005184630 +0200 ++++ openssh-5.9p1/auth2-gss.c 2012-07-27 12:21:41.206602026 +0200 @@ -163,7 +163,7 @@ input_gssapi_token(int type, u_int32_t p } authctxt->postponed = 0; @@ -483,7 +484,7 @@ diff -up openssh-5.9p1/auth2-gss.c.required-authentication openssh-5.9p1/auth2-g Authmethod method_gssapi = { diff -up openssh-5.9p1/auth2-chall.c.required-authentication openssh-5.9p1/auth2-chall.c --- openssh-5.9p1/auth2-chall.c.required-authentication 2009-01-28 06:13:39.000000000 +0100 -+++ openssh-5.9p1/auth2-chall.c 2012-03-30 19:25:49.049897712 +0200 ++++ openssh-5.9p1/auth2-chall.c 2012-07-27 12:21:41.206602026 +0200 @@ -341,7 +341,8 @@ input_userauth_info_response(int type, u auth2_challenge_start(authctxt); } @@ -496,7 +497,7 @@ diff -up openssh-5.9p1/auth2-chall.c.required-authentication openssh-5.9p1/auth2 diff -up openssh-5.9p1/auth2-none.c.required-authentication openssh-5.9p1/auth2-none.c --- openssh-5.9p1/auth2-none.c.required-authentication 2010-06-26 02:01:33.000000000 +0200 -+++ openssh-5.9p1/auth2-none.c 2012-03-30 18:38:00.006184515 +0200 ++++ openssh-5.9p1/auth2-none.c 2012-07-27 12:21:41.207602028 +0200 @@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt) { none_enabled = 0; @@ -507,8 +508,8 @@ diff -up openssh-5.9p1/auth2-none.c.required-authentication openssh-5.9p1/auth2- return (0); } diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c ---- openssh-5.9p1/monitor.c.required-authentication 2012-03-30 18:37:59.976189954 +0200 -+++ openssh-5.9p1/monitor.c 2012-03-30 18:38:04.555127442 +0200 +--- openssh-5.9p1/monitor.c.required-authentication 2012-07-27 12:21:41.161601930 +0200 ++++ openssh-5.9p1/monitor.c 2012-07-27 12:51:18.884927066 +0200 @@ -199,6 +199,7 @@ static int key_blobtype = MM_NOKEY; static char *hostbased_cuser = NULL; static char *hostbased_chost = NULL; @@ -517,12 +518,10 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c static u_int session_id2_len = 0; static u_char *session_id2 = NULL; static pid_t monitor_child_pid; -@@ -352,7 +353,8 @@ void - monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) +@@ -353,6 +354,7 @@ monitor_child_preauth(Authctxt *_authctx { struct mon_table *ent; -- int authenticated = 0; -+ int no_increment, authenticated = 0; + int authenticated = 0; + char **req_auth; debug3("preauth child monitor started"); @@ -542,43 +541,45 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); } -@@ -380,6 +384,8 @@ monitor_child_preauth(Authctxt *_authctx +@@ -380,6 +384,7 @@ monitor_child_preauth(Authctxt *_authctx /* The first few requests do not require asynchronous access */ while (!authenticated) { auth_method = "unknown"; + auth_submethod = NULL; -+ no_increment = 1; authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) -@@ -401,11 +407,24 @@ monitor_child_preauth(Authctxt *_authctx +@@ -401,10 +406,19 @@ monitor_child_preauth(Authctxt *_authctx } #endif } + /* Loop until the required authmethods are done */ + if (authenticated && *req_auth != NULL) { -+ if (auth_remove_from_list(req_auth, auth_method) != 1) ++ if (auth_remove_from_list(req_auth, auth_method) == 0) + fatal("INTERNAL ERROR: authenticated method " + "\"%s\" not in required list \"%s\"", + auth_method, *req_auth); + debug2("monitor_child_preauth: required list now: %s", + *req_auth == NULL ? "DONE" : *req_auth); -+ if (*req_auth != NULL) { -+ authenticated = 0; -+ no_increment = 1; -+ } + } if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { auth_log(authctxt, authenticated, auth_method, - compat20 ? " ssh2" : ""); -- if (!authenticated) + auth_submethod, compat20 ? " ssh2" : ""); -+ if (!authenticated && !no_increment) + if (!authenticated) authctxt->failures++; } - #ifdef JPAKE -@@ -862,6 +881,7 @@ mm_answer_authpassword(int sock, Buffer +@@ -417,6 +431,8 @@ monitor_child_preauth(Authctxt *_authctx + } + } + #endif ++ if (*req_auth != NULL) ++ authenticated = 0; + } + + /* Drain any buffered messages from the child */ +@@ -862,6 +878,7 @@ mm_answer_authpassword(int sock, Buffer auth_method = "none"; else auth_method = "password"; @@ -586,7 +587,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c /* Causes monitor loop to terminate if authenticated */ return (authenticated); -@@ -921,6 +941,7 @@ mm_answer_bsdauthrespond(int sock, Buffe +@@ -921,6 +938,7 @@ mm_answer_bsdauthrespond(int sock, Buffe mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); auth_method = "bsdauth"; @@ -594,7 +595,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c return (authok != 0); } -@@ -970,6 +991,7 @@ mm_answer_skeyrespond(int sock, Buffer * +@@ -970,6 +988,7 @@ mm_answer_skeyrespond(int sock, Buffer * mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); auth_method = "skey"; @@ -602,7 +603,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c return (authok != 0); } -@@ -1059,7 +1081,8 @@ mm_answer_pam_query(int sock, Buffer *m) +@@ -1059,7 +1078,8 @@ mm_answer_pam_query(int sock, Buffer *m) xfree(prompts); if (echo_on != NULL) xfree(echo_on); @@ -612,7 +613,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); return (0); } -@@ -1088,7 +1111,8 @@ mm_answer_pam_respond(int sock, Buffer * +@@ -1088,7 +1108,8 @@ mm_answer_pam_respond(int sock, Buffer * buffer_clear(m); buffer_put_int(m, ret); mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); @@ -622,7 +623,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c if (ret == 0) sshpam_authok = sshpam_ctxt; return (0); -@@ -1102,7 +1126,8 @@ mm_answer_pam_free_ctx(int sock, Buffer +@@ -1102,7 +1123,8 @@ mm_answer_pam_free_ctx(int sock, Buffer (sshpam_device.free_ctx)(sshpam_ctxt); buffer_clear(m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); @@ -632,7 +633,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c return (sshpam_authok == sshpam_ctxt); } #endif -@@ -1138,6 +1163,7 @@ mm_answer_keyallowed(int sock, Buffer *m +@@ -1138,6 +1160,7 @@ mm_answer_keyallowed(int sock, Buffer *m allowed = options.pubkey_authentication && user_key_allowed(authctxt->pw, key); auth_method = "publickey"; @@ -640,7 +641,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c if (options.pubkey_authentication && allowed != 1) auth_clear_options(); break; -@@ -1146,6 +1172,7 @@ mm_answer_keyallowed(int sock, Buffer *m +@@ -1146,6 +1169,7 @@ mm_answer_keyallowed(int sock, Buffer *m hostbased_key_allowed(authctxt->pw, cuser, chost, key); auth_method = "hostbased"; @@ -648,7 +649,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c break; case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ -@@ -1155,6 +1182,7 @@ mm_answer_keyallowed(int sock, Buffer *m +@@ -1155,6 +1179,7 @@ mm_answer_keyallowed(int sock, Buffer *m if (options.rhosts_rsa_authentication && allowed != 1) auth_clear_options(); auth_method = "rsa"; @@ -656,7 +657,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c break; default: fatal("%s: unknown key type %d", __func__, type); -@@ -1180,7 +1208,8 @@ mm_answer_keyallowed(int sock, Buffer *m +@@ -1180,7 +1205,8 @@ mm_answer_keyallowed(int sock, Buffer *m hostbased_chost = chost; } else { /* Log failed attempt */ @@ -666,7 +667,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c xfree(blob); xfree(cuser); xfree(chost); -@@ -1356,6 +1385,7 @@ mm_answer_keyverify(int sock, Buffer *m) +@@ -1356,6 +1382,7 @@ mm_answer_keyverify(int sock, Buffer *m) xfree(data); auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; @@ -674,7 +675,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c monitor_reset_key_state(); -@@ -1545,6 +1575,7 @@ mm_answer_rsa_keyallowed(int sock, Buffe +@@ -1545,6 +1572,7 @@ mm_answer_rsa_keyallowed(int sock, Buffe debug3("%s entering", __func__); auth_method = "rsa"; @@ -682,7 +683,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c if (options.rsa_authentication && authctxt->valid) { if ((client_n = BN_new()) == NULL) fatal("%s: BN_new", __func__); -@@ -1650,6 +1681,7 @@ mm_answer_rsa_response(int sock, Buffer +@@ -1650,6 +1678,7 @@ mm_answer_rsa_response(int sock, Buffer xfree(response); auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; @@ -690,7 +691,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c /* reset state */ BN_clear_free(ssh1_challenge); -@@ -2099,6 +2131,7 @@ mm_answer_gss_userok(int sock, Buffer *m +@@ -2099,6 +2128,7 @@ mm_answer_gss_userok(int sock, Buffer *m mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); auth_method = "gssapi-with-mic"; @@ -698,7 +699,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c /* Monitor loop will terminate if authenticated */ return (authenticated); -@@ -2303,6 +2336,7 @@ mm_answer_jpake_check_confirm(int sock, +@@ -2303,6 +2333,7 @@ mm_answer_jpake_check_confirm(int sock, monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1); auth_method = "jpake-01@openssh.com"; @@ -707,8 +708,8 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c } diff -up openssh-5.9p1/servconf.c.required-authentication openssh-5.9p1/servconf.c ---- openssh-5.9p1/servconf.c.required-authentication 2012-03-30 18:37:59.981184513 +0200 -+++ openssh-5.9p1/servconf.c 2012-03-30 18:38:04.558121635 +0200 +--- openssh-5.9p1/servconf.c.required-authentication 2012-07-27 12:21:41.167601942 +0200 ++++ openssh-5.9p1/servconf.c 2012-07-27 12:21:41.209602032 +0200 @@ -42,6 +42,8 @@ #include "key.h" #include "kex.h" @@ -718,7 +719,7 @@ diff -up openssh-5.9p1/servconf.c.required-authentication openssh-5.9p1/servconf #include "match.h" #include "channels.h" #include "groupaccess.h" -@@ -129,6 +131,8 @@ initialize_server_options(ServerOptions +@@ -129,6 +131,8 @@ initialize_server_options(ServerOptions options->num_authkeys_files = 0; options->num_accept_env = 0; options->permit_tun = -1; @@ -780,7 +781,7 @@ diff -up openssh-5.9p1/servconf.c.required-authentication openssh-5.9p1/servconf goto parse_int; diff -up openssh-5.9p1/servconf.h.required-authentication openssh-5.9p1/servconf.h --- openssh-5.9p1/servconf.h.required-authentication 2011-06-23 00:30:03.000000000 +0200 -+++ openssh-5.9p1/servconf.h 2012-03-30 18:38:00.009184624 +0200 ++++ openssh-5.9p1/servconf.h 2012-07-27 12:21:41.210602035 +0200 @@ -154,6 +154,9 @@ typedef struct { u_int num_authkeys_files; /* Files containing public keys */ char *authorized_keys_files[MAX_AUTHKEYS_FILES]; @@ -793,7 +794,7 @@ diff -up openssh-5.9p1/servconf.h.required-authentication openssh-5.9p1/servconf int use_pam; /* Enable auth via PAM */ diff -up openssh-5.9p1/sshd_config.5.required-authentication openssh-5.9p1/sshd_config.5 --- openssh-5.9p1/sshd_config.5.required-authentication 2011-08-05 22:17:33.000000000 +0200 -+++ openssh-5.9p1/sshd_config.5 2012-03-30 18:38:00.009184624 +0200 ++++ openssh-5.9p1/sshd_config.5 2012-07-27 12:38:47.607222070 +0200 @@ -723,6 +723,8 @@ Available keywords are .Cm PermitOpen , .Cm PermitRootLogin , @@ -808,7 +809,7 @@ diff -up openssh-5.9p1/sshd_config.5.required-authentication openssh-5.9p1/sshd_ Note that if this file is not readable, then public key authentication will be refused for all users. +.It Cm RequiredAuthentications[12] -+ Requires two authentication methods to succeed before authorizing the connection. ++ Specifies required methods of authentications that has to succeed before authorizing the connection. + (RequiredAuthentication1 for Protocol version 1, and RequiredAuthentication2 for v2) + + RequiredAuthentications1 method[,method...]