summaryrefslogtreecommitdiff
path: root/regress/.cvsignore
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2008-07-02 22:56:09 +1000
committerDarren Tucker <dtucker@zip.com.au>2008-07-02 22:56:09 +1000
commit4230a5dc305d1b39bc118befcc1ccfe933281b75 (patch)
tree68bd413a4e590c6aae5ea8e0b90c76baf933a7e6 /regress/.cvsignore
parent33c787f23c0267c679ad3e3f8bc4679c6ced5ea3 (diff)
- djm@cvs.openbsd.org 2008/07/02 12:36:39
[auth2-none.c auth2.c] Make protocol 2 MaxAuthTries behaviour a little more sensible: Check whether client has exceeded MaxAuthTries before running an authentication method and skip it if they have, previously it would always allow one try (for "none" auth). Preincrement failure count before post-auth test - previously this checked and postincremented, also to allow one "none" try. Together, these two changes always count the "none" auth method which could be skipped by a malicious client (e.g. an SSH worm) to get an extra attempt at a real auth method. They also make MaxAuthTries=0 a useful way to block users entirely (esp. in a sshd_config Match block). Also, move sending of any preauth banner from "none" auth method to the first call to input_userauth_request(), so worms that skip the "none" method get to see it too.
Diffstat (limited to 'regress/.cvsignore')
0 files changed, 0 insertions, 0 deletions