diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-01-04 03:27:50 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-01-04 14:29:37 +1100 |
| commit | 4a526941d328fc3d97068c6a4cbd9b71b70fe5e1 (patch) | |
| tree | 4b622c692639d3a64e644bc0a0c6e258f65373d3 /sshconnect2.c | |
| parent | 8a8183474c41bd6cebaa917346b549af2239ba2f (diff) | |
upstream: eliminate function-static attempt counters for
passwd/kbdint authmethods by moving them to the client authctxt; Patch from
Markus Schmidt, ok markus@
OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 19caebabc..0e8f323d6 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.291 2018/12/27 03:25:25 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.292 2019/01/04 03:27:50 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -264,7 +264,6 @@ struct cauthctxt { | |||
| 264 | struct cauthmethod *method; | 264 | struct cauthmethod *method; |
| 265 | sig_atomic_t success; | 265 | sig_atomic_t success; |
| 266 | char *authlist; | 266 | char *authlist; |
| 267 | int attempt; | ||
| 268 | /* pubkey */ | 267 | /* pubkey */ |
| 269 | struct idlist keys; | 268 | struct idlist keys; |
| 270 | int agent_fd; | 269 | int agent_fd; |
| @@ -274,6 +273,9 @@ struct cauthctxt { | |||
| 274 | const char *active_ktype; | 273 | const char *active_ktype; |
| 275 | /* kbd-interactive */ | 274 | /* kbd-interactive */ |
| 276 | int info_req_seen; | 275 | int info_req_seen; |
| 276 | int attempt_kbdint; | ||
| 277 | /* password */ | ||
| 278 | int attempt_passwd; | ||
| 277 | /* generic */ | 279 | /* generic */ |
| 278 | void *methoddata; | 280 | void *methoddata; |
| 279 | }; | 281 | }; |
| @@ -385,6 +387,8 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, | |||
| 385 | authctxt.sensitive = sensitive; | 387 | authctxt.sensitive = sensitive; |
| 386 | authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL; | 388 | authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL; |
| 387 | authctxt.info_req_seen = 0; | 389 | authctxt.info_req_seen = 0; |
| 390 | authctxt.attempt_kbdint = 0; | ||
| 391 | authctxt.attempt_passwd = 0; | ||
| 388 | authctxt.agent_fd = -1; | 392 | authctxt.agent_fd = -1; |
| 389 | pubkey_prepare(&authctxt); | 393 | pubkey_prepare(&authctxt); |
| 390 | if (authctxt.method == NULL) { | 394 | if (authctxt.method == NULL) { |
| @@ -954,16 +958,15 @@ int | |||
| 954 | userauth_passwd(Authctxt *authctxt) | 958 | userauth_passwd(Authctxt *authctxt) |
| 955 | { | 959 | { |
| 956 | struct ssh *ssh = active_state; /* XXX */ | 960 | struct ssh *ssh = active_state; /* XXX */ |
| 957 | static int attempt = 0; | ||
| 958 | char *password, *prompt = NULL; | 961 | char *password, *prompt = NULL; |
| 959 | const char *host = options.host_key_alias ? options.host_key_alias : | 962 | const char *host = options.host_key_alias ? options.host_key_alias : |
| 960 | authctxt->host; | 963 | authctxt->host; |
| 961 | int r; | 964 | int r; |
| 962 | 965 | ||
| 963 | if (attempt++ >= options.number_of_password_prompts) | 966 | if (authctxt->attempt_passwd++ >= options.number_of_password_prompts) |
| 964 | return 0; | 967 | return 0; |
| 965 | 968 | ||
| 966 | if (attempt != 1) | 969 | if (authctxt->attempt_passwd != 1) |
| 967 | error("Permission denied, please try again."); | 970 | error("Permission denied, please try again."); |
| 968 | 971 | ||
| 969 | xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host); | 972 | xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host); |
| @@ -1705,13 +1708,12 @@ int | |||
| 1705 | userauth_kbdint(Authctxt *authctxt) | 1708 | userauth_kbdint(Authctxt *authctxt) |
| 1706 | { | 1709 | { |
| 1707 | struct ssh *ssh = active_state; /* XXX */ | 1710 | struct ssh *ssh = active_state; /* XXX */ |
| 1708 | static int attempt = 0; | ||
| 1709 | int r; | 1711 | int r; |
| 1710 | 1712 | ||
| 1711 | if (attempt++ >= options.number_of_password_prompts) | 1713 | if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts) |
| 1712 | return 0; | 1714 | return 0; |
| 1713 | /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ | 1715 | /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ |
| 1714 | if (attempt > 1 && !authctxt->info_req_seen) { | 1716 | if (authctxt->attempt_kbdint > 1 && !authctxt->info_req_seen) { |
| 1715 | debug3("userauth_kbdint: disable: no info_req_seen"); | 1717 | debug3("userauth_kbdint: disable: no info_req_seen"); |
| 1716 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); | 1718 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); |
| 1717 | return 0; | 1719 | return 0; |