summaryrefslogtreecommitdiff
path: root/auth2.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2011-05-05 14:04:11 +1000
committerDamien Miller <djm@mindrot.org>2011-05-05 14:04:11 +1000
commit3fcdfd55a3a3a16342a4f110f2dc1ba998526e47 (patch)
tree196bccd2c94acf3023ec513cf0ebe6cf40d215b0 /auth2.c
parentf22019bdbfb986daf24428a9d37f9fe9bb3ff7ad (diff)
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/03/10 02:52:57 [auth2-gss.c auth2.c] allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
Diffstat (limited to 'auth2.c')
-rw-r--r--auth2.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/auth2.c b/auth2.c
index 95820f96f..c06c95f06 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */ 1/* $OpenBSD: auth2.c,v 1.123 2011/03/10 02:52:57 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -274,6 +274,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
274#endif 274#endif
275 275
276 authctxt->postponed = 0; 276 authctxt->postponed = 0;
277 authctxt->server_caused_failure = 0;
277 278
278 /* try to authenticate user */ 279 /* try to authenticate user */
279 m = authmethod_lookup(method); 280 m = authmethod_lookup(method);
@@ -346,7 +347,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
346 } else { 347 } else {
347 348
348 /* Allow initial try of "none" auth without failure penalty */ 349 /* Allow initial try of "none" auth without failure penalty */
349 if (authctxt->attempt > 1 || strcmp(method, "none") != 0) 350 if (!authctxt->server_caused_failure &&
351 (authctxt->attempt > 1 || strcmp(method, "none") != 0))
350 authctxt->failures++; 352 authctxt->failures++;
351 if (authctxt->failures >= options.max_authtries) { 353 if (authctxt->failures >= options.max_authtries) {
352#ifdef SSH_AUDIT_EVENTS 354#ifdef SSH_AUDIT_EVENTS