- djm@cvs.openbsd.org 2008/07/04 23:08:25
[packet.c]
handle EINTR in packet_write_poll()l ok dtucker@
+ - djm@cvs.openbsd.org 2008/07/04 23:30:16
+ [auth1.c auth2.c]
+ Make protocol 1 MaxAuthTries logic match protocol 2's.
+ Do not treat the first protocol 2 authentication attempt as
+ a failure IFF it is for method "none".
+ Makes MaxAuthTries' user-visible behaviour identical for
+ protocol 1 vs 2.
+ ok dtucker@
20080704
- (dtucker) OpenBSD CVS Sync
-/* $OpenBSD: auth1.c,v 1.72 2008/05/08 12:02:23 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
type != SSH_CMSG_AUTH_TIS_RESPONSE)
abandon_challenge_response(authctxt);
+ if (authctxt->failures >= options.max_authtries)
+ goto skip;
if ((meth = lookup_authmethod1(type)) == NULL) {
logit("Unknown message during authentication: "
"type %d", type);
if (authenticated)
return;
- if (authctxt->failures++ > options.max_authtries) {
+ if (++authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
-/* $OpenBSD: auth2.c,v 1.118 2008/07/02 13:30:34 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include <unistd.h>
#include "xmalloc.h"
+#include "atomicio.h"
#include "ssh2.h"
#include "packet.h"
#include "log.h"
/* now we can break out */
authctxt->success = 1;
} else {
- if (++authctxt->failures >= options.max_authtries) {
+
+ /* Allow initial try of "none" auth without failure penalty */
+ if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
+ authctxt->failures++;
+ if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif