import openssh-5.2p1-gsskex-all-20090726.patch

1 files changed, 13 insertions, 2 deletions

diff --git a/auth2.c b/auth2.c
index 3ee44014d..31ae31e0c 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.120 2008/11/04 08:22:12 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -72,6 +72,9 @@ extern Authmethod method_hostbased;
 extern Authmethod method_gsskeyex;
 extern Authmethod method_gssapi;
 #endif
+#ifdef JPAKE
+extern Authmethod method_jpake;
+#endif
 
 Authmethod *authmethods[] = {
         &method_none,
@@ -80,6 +83,9 @@ Authmethod *authmethods[] = {
         &method_gsskeyex,
         &method_gssapi,
 #endif
+#ifdef JPAKE
+        &method_jpake,
+#endif
         &method_passwd,
         &method_kbdint,
         &method_hostbased,
@@ -259,8 +265,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
         }
         /* reset state */
         auth2_challenge_stop(authctxt);
+#ifdef JPAKE
+        auth2_jpake_stop(authctxt);
+#endif
 
 #ifdef GSSAPI
+        /* XXX move to auth2_gssapi_stop() */
         dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
         dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
 #endif
@@ -339,7 +349,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
         } else {
 
                 /* Allow initial try of "none" auth without failure penalty */
-                if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
+                if (!authctxt->server_caused_failure &&
+                    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
                         authctxt->failures++;
                 if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS