-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | auth1.c | 6 | ||||
-rw-r--r-- | auth2.c | 9 |
3 files changed, 20 insertions, 5 deletions
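--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,14 @@
 - djm@cvs.openbsd.org 2008/07/04 23:08:25
 [packet.c]
 handle EINTR in packet_write_poll()l ok dtucker@
+- djm@cvs.openbsd.org 2008/07/04 23:30:16
+[auth1.c auth2.c]
+Make protocol 1 MaxAuthTries logic match protocol 2's.
+Do not treat the first protocol 2 authentication attempt as
+a failure IFF it is for method "none".
+Makes MaxAuthTries' user-visible behaviour identical for
+protocol 1 vs 2.
+ok dtucker@
 
 20080704
 - (dtucker) OpenBSD CVS Sync
@@ -4582,4 +4590,4 @@
 OpenServer 6 and add osr5bigcrypt support so when someone migrates
 passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5061 2008/07/04 23:40:56 djm Exp $
+$Id: ChangeLog,v 1.5062 2008/07/04 23:44:53 djm Exp $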
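--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.72 2008/05/08 12:02:23 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -284,6 +284,8 @@ do_authloop(Authctxt *authctxt)
 type != SSH_CMSG_AUTH_TIS_RESPONSE)
 abandon_challenge_response(authctxt);
 
+if (authctxt->failures >= options.max_authtries)
+goto skip;
 if ((meth = lookup_authmethod1(type)) == NULL) {
 logit("Unknown message during authentication: "
 "type %d", type);
@@ -368,7 +370,7 @@ do_authloop(Authctxt *authctxt)
 if (authenticated)
 return;
 
-if (authctxt->failures++ > options.max_authtries) {
+if (++authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif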
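Review bot: The new early guard in do_authloop, `if (authctxt->failures >= options.max_authtries) goto skip;`, carries no comment, and the `skip` label lies outside the hunk, so a reader cannot tell from here whether a request arriving with the budget already spent is still counted and logged or simply dropped. A comment such as `/* Budget already spent: do not run the method, fall through to failure accounting */` would record the intent, provided that is what `skip` actually does. Because the later check is now `++authctxt->failures >= options.max_authtries`, the guard looks reachable mainly when the limit is already met on entry (for instance a configured limit of 0), assuming the branch under that check ends the session. That boundary is worth stating in the comment and pinning with a regression test next to the protocol 2 case.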
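--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.118 2008/07/02 13:30:34 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -36,6 +36,7 @@
 #include <unistd.h>
 
 #include "xmalloc.h"
+#include "atomicio.h"
 #include "ssh2.h"
 #include "packet.h"
 #include "log.h"
@@ -333,7 +334,11 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 /* now we can break out */
 authctxt->success = 1;
 } else {
-if (++authctxt->failures >= options.max_authtries) {
+
+/* Allow initial try of "none" auth without failure penalty */
+if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
+authctxt->failures++;
+if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif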
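Review bot: The "none" exemption in userauth_finish is only as tight as `authctxt->attempt`, which is maintained outside this hunk: the test `authctxt->attempt > 1 || strcmp(method, "none") != 0` limits the free pass to one request only if `attempt` has already been incremented for the current request on every path that reaches here. The comment should state that invariant, e.g. `/* attempt == 1 only for the first request on this connection; later "none" requests count as failures */`. Otherwise repeated "none" requests would never advance `failures` and the MaxAuthTries check below would not fire for them. `strcmp(method, "none")` also assumes `method` is never NULL, which should be confirmed at the callers since they are not visible here.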