mirror of git://anongit.mindrot.org/openssh.git
- djm@cvs.openbsd.org 2008/07/04 23:30:16
[auth1.c auth2.c] Make protocol 1 MaxAuthTries logic match protocol 2's. Do not treat the first protocol 2 authentication attempt as a failure IFF it is for method "none". Makes MaxAuthTries' user-visible behaviour identical for protocol 1 vs 2. ok dtucker@
This commit is contained in:
parent
d874fa517b
commit
0b4d48ba74
10
ChangeLog
10
ChangeLog
|
@ -9,6 +9,14 @@
|
|||
- djm@cvs.openbsd.org 2008/07/04 23:08:25
|
||||
[packet.c]
|
||||
handle EINTR in packet_write_poll()l ok dtucker@
|
||||
- djm@cvs.openbsd.org 2008/07/04 23:30:16
|
||||
[auth1.c auth2.c]
|
||||
Make protocol 1 MaxAuthTries logic match protocol 2's.
|
||||
Do not treat the first protocol 2 authentication attempt as
|
||||
a failure IFF it is for method "none".
|
||||
Makes MaxAuthTries' user-visible behaviour identical for
|
||||
protocol 1 vs 2.
|
||||
ok dtucker@
|
||||
|
||||
20080704
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
|
@ -4582,4 +4590,4 @@
|
|||
OpenServer 6 and add osr5bigcrypt support so when someone migrates
|
||||
passwords between UnixWare and OpenServer they will still work. OK dtucker@
|
||||
|
||||
$Id: ChangeLog,v 1.5061 2008/07/04 23:40:56 djm Exp $
|
||||
$Id: ChangeLog,v 1.5062 2008/07/04 23:44:53 djm Exp $
|
||||
|
|
6
auth1.c
6
auth1.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth1.c,v 1.72 2008/05/08 12:02:23 djm Exp $ */
|
||||
/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
|
@ -284,6 +284,8 @@ do_authloop(Authctxt *authctxt)
|
|||
type != SSH_CMSG_AUTH_TIS_RESPONSE)
|
||||
abandon_challenge_response(authctxt);
|
||||
|
||||
if (authctxt->failures >= options.max_authtries)
|
||||
goto skip;
|
||||
if ((meth = lookup_authmethod1(type)) == NULL) {
|
||||
logit("Unknown message during authentication: "
|
||||
"type %d", type);
|
||||
|
@ -368,7 +370,7 @@ do_authloop(Authctxt *authctxt)
|
|||
if (authenticated)
|
||||
return;
|
||||
|
||||
if (authctxt->failures++ > options.max_authtries) {
|
||||
if (++authctxt->failures >= options.max_authtries) {
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
|
||||
#endif
|
||||
|
|
9
auth2.c
9
auth2.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2.c,v 1.118 2008/07/02 13:30:34 djm Exp $ */
|
||||
/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -36,6 +36,7 @@
|
|||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "atomicio.h"
|
||||
#include "ssh2.h"
|
||||
#include "packet.h"
|
||||
#include "log.h"
|
||||
|
@ -333,7 +334,11 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
|
|||
/* now we can break out */
|
||||
authctxt->success = 1;
|
||||
} else {
|
||||
if (++authctxt->failures >= options.max_authtries) {
|
||||
|
||||
/* Allow initial try of "none" auth without failure penalty */
|
||||
if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
|
||||
authctxt->failures++;
|
||||
if (authctxt->failures >= options.max_authtries) {
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue