diff options
author | Damien Miller <djm@mindrot.org> | 2011-05-05 14:04:11 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2011-05-05 14:04:11 +1000 |
commit | 3fcdfd55a3a3a16342a4f110f2dc1ba998526e47 (patch) | |
tree | 196bccd2c94acf3023ec513cf0ebe6cf40d215b0 /auth2.c | |
parent | f22019bdbfb986daf24428a9d37f9fe9bb3ff7ad (diff) |
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/03/10 02:52:57
[auth2-gss.c auth2.c]
allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */ | 1 | /* $OpenBSD: auth2.c,v 1.123 2011/03/10 02:52:57 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -274,6 +274,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
274 | #endif | 274 | #endif |
275 | 275 | ||
276 | authctxt->postponed = 0; | 276 | authctxt->postponed = 0; |
277 | authctxt->server_caused_failure = 0; | ||
277 | 278 | ||
278 | /* try to authenticate user */ | 279 | /* try to authenticate user */ |
279 | m = authmethod_lookup(method); | 280 | m = authmethod_lookup(method); |
@@ -346,7 +347,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) | |||
346 | } else { | 347 | } else { |
347 | 348 | ||
348 | /* Allow initial try of "none" auth without failure penalty */ | 349 | /* Allow initial try of "none" auth without failure penalty */ |
349 | if (authctxt->attempt > 1 || strcmp(method, "none") != 0) | 350 | if (!authctxt->server_caused_failure && |
351 | (authctxt->attempt > 1 || strcmp(method, "none") != 0)) | ||
350 | authctxt->failures++; | 352 | authctxt->failures++; |
351 | if (authctxt->failures >= options.max_authtries) { | 353 | if (authctxt->failures >= options.max_authtries) { |
352 | #ifdef SSH_AUDIT_EVENTS | 354 | #ifdef SSH_AUDIT_EVENTS |