From ce2d80b4e72c6770212d2581e601cf8d653e7897 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Sep 04 2014 14:33:25 +0000
Subject: don't consider a partial success as a failure


---

diff --git a/openssh-6.6.1p1-partial-success.patch b/openssh-6.6.1p1-partial-success.patch
new file mode 100644
index 0000000..b5c61cf
--- /dev/null
+++ b/openssh-6.6.1p1-partial-success.patch
@@ -0,0 +1,16 @@
+diff --git a/auth2.c b/auth2.c
+index d9b440a..ec0bf12 100644
+--- a/auth2.c
++++ b/auth2.c
+@@ -355,8 +355,9 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
+ 		authctxt->success = 1;
+ 	} else {
+ 
+-		/* Allow initial try of "none" auth without failure penalty */
+-		if (!authctxt->server_caused_failure &&
++		/* Allow initial try of "none" auth without failure penalty
++		 * Partial succes is not failure */
++		if (!authctxt->server_caused_failure && !partial &&
+ 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ 			authctxt->failures++;
+ 		if (authctxt->failures >= options.max_authtries) {
diff --git a/openssh.spec b/openssh.spec
index 9bf38a0..813bc11 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -198,6 +198,9 @@ Patch911: openssh-6.6p1-set_remote_ipaddr.patch
 # https://bugzilla.mindrot.org/show_bug.cgi?id=2058
 # slightly changed patch from comment 10
 Patch912: openssh-6.6.1p1-utf8-banner.patch
+# don't consider a partial success as a failure
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2270
+Patch913: openssh-6.6.1p1-partial-success.patch
 
 
 License: BSD
@@ -405,6 +408,7 @@ popd
 %patch910 -p1 -b .NI_MAXHOST
 %patch911 -p1 -b .set_remote_ipaddr
 %patch912 -p1 -b .utf8-banner
+%patch913 -p1 -b .partial-success
 
 %patch200 -p1 -b .audit
 %patch700 -p1 -b .fips