X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/3165286982a9ab28fd80125b2fb2608716fb37db..dc11a83afe9daca9d29ef753205ad8479550b750:/auth1.c diff --git a/auth1.c b/auth1.c index 34dcf626..1801661f 100644 --- a/auth1.c +++ b/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.70 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -14,11 +14,13 @@ #include +#include #include #include #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "rsa.h" #include "ssh1.h" @@ -282,6 +284,8 @@ do_authloop(Authctxt *authctxt) type != SSH_CMSG_AUTH_TIS_RESPONSE) abandon_challenge_response(authctxt); + if (authctxt->failures >= options.max_authtries) + goto skip; if ((meth = lookup_authmethod1(type)) == NULL) { logit("Unknown message during authentication: " "type %d", type); @@ -314,15 +318,7 @@ do_authloop(Authctxt *authctxt) } #endif /* _UNICOS */ -#ifdef HAVE_CYGWIN - if (authenticated && - !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, - authctxt->pw)) { - packet_disconnect("Authentication rejected for uid %d.", - authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid); - authenticated = 0; - } -#else +#ifndef HAVE_CYGWIN /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(meth->name)) { @@ -350,7 +346,7 @@ do_authloop(Authctxt *authctxt) msg[len] = '\0'; else msg = "Access denied."; - packet_disconnect(msg); + packet_disconnect("%s", msg); } #endif @@ -366,7 +362,7 @@ do_authloop(Authctxt *authctxt) if (authenticated) return; - if (authctxt->failures++ > options.max_authtries) { + if (++authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); #endif