Bug 2270 - AuthenticationMethods - partial success is considered as failure
Summary: AuthenticationMethods - partial success is considered as failure
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 6.6p1
Hardware: Other Linux
Importance: P5 normal
Assignee: Assigned to nobody
Blocks: V_6_8
Reported: 2014-09-04 23:04 AEST by Petr Lautrbach
Modified: 2015-03-18 18:17 AEDT

Attachments
don't increment failures in case of partial success (632 bytes, patch)
2014-09-04 23:04 AEST, Petr Lautrbach

Description Petr Lautrbach 2014-09-04 23:04:04 AEST
Created attachment 2468
don't increment failures in case of partial success

sshd logs auth failure even if there was no failed attempt in authentication when using AuthenticationMethods, see logs:

debug3: userauth_finish: failure partial=0 next methods="password" [preauth]
debug1: userauth-request for user plautrba service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
...
debug3: userauth_finish: failure partial=1 next methods="publickey" [preauth]
debug1: userauth-request for user plautrba service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 1 [preauth]


The problem is in the auth2.c code which doesn't take into account partial success and increments authctxt->failures as authenticated is set to 0.
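
A minimal C model of the counting rule described above, added here as an illustration; it is not part of the original report and is not code from auth2.c. The struct, the function name and the constructed session (none, then password as a partial success, then publickey) are assumptions chosen to follow the log order in the description.

```c
#include <stdio.h>
#include <string.h>

/* One userauth request and its outcome (hypothetical model type). */
struct auth_step {
    const char *method;
    int authenticated;  /* 1 only when every required method is done */
    int partial;        /* 1 when this method succeeded but more are required */
};

/*
 * Replay the steps and return the resulting failure count.
 * count_partial=1 models the behaviour reported in this bug,
 * count_partial=0 models not counting partial success as a failure.
 */
int count_failures(const struct auth_step *steps, size_t n, int count_partial)
{
    int attempt = 0, failures = 0;

    for (size_t i = 0; i < n; i++) {
        const struct auth_step *s = &steps[i];
        attempt++;
        if (s->authenticated)
            break;      /* login complete, nothing more to count */
        /* Assumption: the initial "none" probe carries no penalty. */
        if (attempt == 1 && strcmp(s->method, "none") == 0)
            continue;
        if (s->partial && !count_partial)
            continue;   /* partial success is not a failure */
        failures++;
    }
    return failures;
}

/* Constructed session: every credential the user supplies is correct. */
static const struct auth_step session[] = {
    { "none",      0, 0 },
    { "password",  0, 1 },
    { "publickey", 1, 0 },
};

int main(void)
{
    size_t n = sizeof(session) / sizeof(session[0]);
    printf("reported behaviour:   failures=%d\n", count_failures(session, n, 1));
    printf("partial not counted:  failures=%d\n", count_failures(session, n, 0));
    return 0;
}
```

With the reported behaviour, a login in which nothing was rejected still ends with one counted failure, which both consumes part of the MaxAuthTries budget and produces a failure entry for anything that alerts on sshd authentication failures.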
Comment 1 Petr Lautrbach 2014-12-22 21:49:19 AEDT
I believe this is fixed in the latest tree. Thanks.

commit 058f839fe15c51be8b3a844a76ab9a8db550be4f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Dec 18 23:58:04 2014 +0000

    upstream commit
    
    don't count partial authentication success as a failure
     against MaxAuthTries; ok deraadt@
Comment 2 Damien Miller 2015-03-18 18:17:10 AEDT
openssh-6.8 is released