1 files changed, 7 insertions, 2 deletions
diff --git a/auth2.c b/auth2.c
index 4b96c652f..a835abfc6 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.118 2008/07/02 13:30:34 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -36,6 +36,7 @@
 #include <unistd.h>
 #include "xmalloc.h"
+#include "atomicio.h"
 #include "ssh2.h"
 #include "packet.h"
 #include "log.h"
@@ -333,7 +334,11 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
                /* now we can break out */
                authctxt->success = 1;
        } else {
-                if (++authctxt->failures >= options.max_authtries) {
+                /* Allow initial try of "none" auth without failure penalty */
+                if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
+                        authctxt->failures++;
+                if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
                        PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif

diff --git a/auth2.c b/auth2.c index 4b96c652f..a835abfc6 100644 --- a/auth2.c +++ b/auth2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth2.c,v 1.118 2008/07/02 13:30:34 djm Exp $ */	1	/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -36,6 +36,7 @@
36	#include <unistd.h>	36	#include <unistd.h>
37		37
38	#include "xmalloc.h"	38	#include "xmalloc.h"
		39	#include "atomicio.h"
39	#include "ssh2.h"	40	#include "ssh2.h"
40	#include "packet.h"	41	#include "packet.h"
41	#include "log.h"	42	#include "log.h"
@@ -333,7 +334,11 @@ userauth_finish(Authctxt authctxt, int authenticated, char method)
333	/* now we can break out */	334	/* now we can break out */
334	authctxt->success = 1;	335	authctxt->success = 1;
335	} else {	336	} else {
336	if (++authctxt->failures >= options.max_authtries) {	337
		338	/* Allow initial try of "none" auth without failure penalty */
		339	if (authctxt->attempt > 1 \|\| strcmp(method, "none") != 0)
		340	authctxt->failures++;
		341	if (authctxt->failures >= options.max_authtries) {
337	#ifdef SSH_AUDIT_EVENTS	342	#ifdef SSH_AUDIT_EVENTS
338	PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));	343	PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
339	#endif	344	#endif