diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2016-07-18 09:33:25 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2016-07-18 09:33:25 +1000 |
| commit | 01558b7b07af43da774d3a11a5c51fa9c310849d (patch) | |
| tree | 97052332089b01018034206d1dcd683c4177f787 /auth-pam.h | |
| parent | 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc (diff) | |
Handle PAM_MAXTRIES from modules.
bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
password and keyboard-interative authentication methods. Should prevent
"sshd ignoring max retries" warnings in the log. ok djm@
It probably won't trigger with keyboard-interactive in the default
configuration because the retry counter is stored in module-private
storage which goes away with the sshd PAM process (see bz#688). On the
other hand, those cases probably won't log a warning either.
Diffstat (limited to 'auth-pam.h')
| -rw-r--r-- | auth-pam.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/auth-pam.h b/auth-pam.h index a1a2b52d8..2e9a0c0a3 100644 --- a/auth-pam.h +++ b/auth-pam.h | |||
| @@ -45,6 +45,8 @@ void free_pam_environment(char **); | |||
| 45 | void sshpam_thread_cleanup(void); | 45 | void sshpam_thread_cleanup(void); |
| 46 | void sshpam_cleanup(void); | 46 | void sshpam_cleanup(void); |
| 47 | int sshpam_auth_passwd(Authctxt *, const char *); | 47 | int sshpam_auth_passwd(Authctxt *, const char *); |
| 48 | int sshpam_get_maxtries_reached(void); | ||
| 49 | void sshpam_set_maxtries_reached(int); | ||
| 48 | int is_pam_session_open(void); | 50 | int is_pam_session_open(void); |
| 49 | 51 | ||
| 50 | #endif /* USE_PAM */ | 52 | #endif /* USE_PAM */ |