mirror of git://anongit.mindrot.org/openssh.git
upstream: eliminate function-static attempt counters for
passwd/kbdint authmethods by moving them to the client authctxt; Patch from Markus Schmidt, ok markus@ OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
This commit is contained in:
djm@openbsd.org
Damien Miller
parent
8a8183474c
commit
4a526941d3
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshconnect2.c,v 1.291 2018/12/27 03:25:25 djm Exp $ */
|
||||
/* $OpenBSD: sshconnect2.c,v 1.292 2019/01/04 03:27:50 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||
|
|
@ -264,7 +264,6 @@ struct cauthctxt {
|
|||
struct cauthmethod *method;
|
||||
sig_atomic_t success;
|
||||
char *authlist;
|
||||
int attempt;
|
||||
/* pubkey */
|
||||
struct idlist keys;
|
||||
int agent_fd;
|
||||
|
|
@ -274,6 +273,9 @@ struct cauthctxt {
|
|||
const char *active_ktype;
|
||||
/* kbd-interactive */
|
||||
int info_req_seen;
|
||||
int attempt_kbdint;
|
||||
/* password */
|
||||
int attempt_passwd;
|
||||
/* generic */
|
||||
void *methoddata;
|
||||
};
|
||||
|
|
@ -385,6 +387,8 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
|
|||
authctxt.sensitive = sensitive;
|
||||
authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;
|
||||
authctxt.info_req_seen = 0;
|
||||
authctxt.attempt_kbdint = 0;
|
||||
authctxt.attempt_passwd = 0;
|
||||
authctxt.agent_fd = -1;
|
||||
pubkey_prepare(&authctxt);
|
||||
if (authctxt.method == NULL) {
|
||||
|
|
@ -954,16 +958,15 @@ int
|
|||
userauth_passwd(Authctxt *authctxt)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
static int attempt = 0;
|
||||
char *password, *prompt = NULL;
|
||||
const char *host = options.host_key_alias ? options.host_key_alias :
|
||||
authctxt->host;
|
||||
int r;
|
||||
|
||||
if (attempt++ >= options.number_of_password_prompts)
|
||||
if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
|
||||
return 0;
|
||||
|
||||
if (attempt != 1)
|
||||
if (authctxt->attempt_passwd != 1)
|
||||
error("Permission denied, please try again.");
|
||||
|
||||
xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
|
||||
|
|
@ -1705,13 +1708,12 @@ int
|
|||
userauth_kbdint(Authctxt *authctxt)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
static int attempt = 0;
|
||||
int r;
|
||||
|
||||
if (attempt++ >= options.number_of_password_prompts)
|
||||
if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts)
|
||||
return 0;
|
||||
/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
|
||||
if (attempt > 1 && !authctxt->info_req_seen) {
|
||||
if (authctxt->attempt_kbdint > 1 && !authctxt->info_req_seen) {
|
||||
debug3("userauth_kbdint: disable: no info_req_seen");
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Reference in New Issue