Diffstat (limited to 'auth2.c')
-rw-r--r--auth2.c21
1 files changed, 9 insertions, 12 deletions
diff --git a/auth2.c b/auth2.c
index a0e6d577e..4880b736e 100644
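--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.23 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.24 2000/12/28 14:25:51 markus Exp $");
 
 #ifdef HAVE_OSF_SIA
 # include <sia.h>
@@ -124,6 +124,7 @@ do_authentication2()
  memset(authctxt, 'a', sizeof(*authctxt));
  authctxt->valid = 0;
  authctxt->attempt = 0;
+ authctxt->failures = 0;
  authctxt->success = 0;
  x_authctxt = authctxt; /*XXX*/
 
@@ -190,21 +191,14 @@ input_userauth_request(int type, int plen, void *ctxt)
 
  if (authctxt == NULL)
  fatal("input_userauth_request: no authctxt");
- if (authctxt->attempt++ >= AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- loginfailed(authctxt->user?authctxt->user:"NOUSER",
- get_canonical_hostname(), "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
- packet_disconnect("too many failed userauth_requests");
- }
 
  user = packet_get_string(NULL);
  service = packet_get_string(NULL);
  method = packet_get_string(NULL);
  debug("userauth-request for user %s service %s method %s", user, service, method);
- debug("attempt #%d", authctxt->attempt);
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
- if (authctxt->attempt == 1) {
+ if (authctxt->attempt++ == 0) {
  /* setup auth context */
  struct passwd *pw = NULL;
  setproctitle("%s", user);
@@ -273,7 +267,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method)
  /* Raise logging level */
  if (authenticated == 1 ||
  !authctxt->valid ||
- authctxt->attempt >= AUTH_FAIL_LOG ||
+ authctxt->failures >= AUTH_FAIL_LOG ||
  strcmp(method, "password") == 0)
  authlog = log;
 
@@ -302,6 +296,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method)
 void
 userauth_reply(Authctxt *authctxt, int authenticated)
 {
+ char *methods;
  /* XXX todo: check if multiple auth methods are needed */
  if (authenticated == 1) {
 #ifdef WITH_AIXAUTHENTICATE
@@ -318,7 +313,9 @@ userauth_reply(Authctxt *authctxt, int authenticated)
  /* now we can break out */
  authctxt->success = 1;
  } else if (authenticated == 0) {
- char *methods = authmethods_get();
+ if (authctxt->failures++ >= AUTH_FAIL_MAX)
+ packet_disconnect("too many failed userauth_requests");
+ methods = authmethods_get();
  packet_start(SSH2_MSG_USERAUTH_FAILURE);
  packet_put_cstring(methods);
  packet_put_char(0); /* XXX partial success, unused */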
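Review bot: In the last hunk the limit now advances only on the `authenticated == 0` branch of userauth_reply, and the per-request cap removed from input_userauth_request has no replacement, so a request that ends with any other non-success value is no longer counted against anything. Whether a method can actually produce such a value is not visible here, but the `else if` suggests a third outcome exists; if it does, keep a separate, larger bound on `authctxt->attempt` in input_userauth_request, or add a comment explaining why those requests are exempt. The AIX `loginfailed(...)` call that preceded the old disconnect is also dropped, so unless that accounting happens elsewhere, repeat the `#ifdef WITH_AIXAUTHENTICATE` block before the new `packet_disconnect("too many failed userauth_requests");`. Both functions continue outside the hunks shown.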