upstream commit

don't count partial authentication success as a failure against MaxAuthTries; ok deraadt@
author: djm@openbsd.org <djm@openbsd.org> 2014-12-18 23:58:04 +0000
committer: Damien Miller <djm@mindrot.org> 2014-12-22 09:31:19 +1100
commit: 058f839fe15c51be8b3a844a76ab9a8db550be4f (patch)
tree: d533f30b21a08a4b686a716db9fdf22ff206fa03 /auth2.c
parent: c7219f4f54d64d6dde66dbcf7a2699daa782d2a1 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/auth2.c b/auth2.c
index d9b440ae3..3a803e697 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.132 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2.c,v 1.133 2014/12/18 23:58:04 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -356,7 +356,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
        } else {
                /* Allow initial try of "none" auth without failure penalty */
-                if (!authctxt->server_caused_failure &&
+                if (!partial && !authctxt->server_caused_failure &&
                    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
                        authctxt->failures++;
                if (authctxt->failures >= options.max_authtries) {
author	djm@openbsd.org <djm@openbsd.org>	2014-12-18 23:58:04 +0000
committer	Damien Miller <djm@mindrot.org>	2014-12-22 09:31:19 +1100
commit	058f839fe15c51be8b3a844a76ab9a8db550be4f (patch)
tree	d533f30b21a08a4b686a716db9fdf22ff206fa03 /auth2.c
parent	c7219f4f54d64d6dde66dbcf7a2699daa782d2a1 (diff)

diff --git a/auth2.c b/auth2.c index d9b440ae3..3a803e697 100644 --- a/auth2.c +++ b/auth2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth2.c,v 1.132 2014/07/15 15:54:14 millert Exp $ */	1	/* $OpenBSD: auth2.c,v 1.133 2014/12/18 23:58:04 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -356,7 +356,7 @@ userauth_finish(Authctxt authctxt, int authenticated, const char method,
356	} else {	356	} else {
357		357
358	/* Allow initial try of "none" auth without failure penalty */	358	/* Allow initial try of "none" auth without failure penalty */
359	if (!authctxt->server_caused_failure &&	359	if (!partial && !authctxt->server_caused_failure &&
360	(authctxt->attempt > 1 \|\| strcmp(method, "none") != 0))	360	(authctxt->attempt > 1 \|\| strcmp(method, "none") != 0))
361	authctxt->failures++;	361	authctxt->failures++;
362	if (authctxt->failures >= options.max_authtries) {	362	if (authctxt->failures >= options.max_authtries) {