Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 21 |
1 files changed, 9 insertions, 12 deletions
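--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.23 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.24 2000/12/28 14:25:51 markus Exp $");
 
 #ifdef HAVE_OSF_SIA
 # include <sia.h>
@@ -124,6 +124,7 @@ do_authentication2()
 memset(authctxt, 'a', sizeof(*authctxt));
 authctxt->valid = 0;
 authctxt->attempt = 0;
+authctxt->failures = 0;
 authctxt->success = 0;
 x_authctxt = authctxt; /*XXX*/
 
@@ -190,21 +191,14 @@ input_userauth_request(int type, int plen, void *ctxt)
 
 if (authctxt == NULL)
 fatal("input_userauth_request: no authctxt");
-if (authctxt->attempt++ >= AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
-loginfailed(authctxt->user?authctxt->user:"NOUSER",
-get_canonical_hostname(), "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
-packet_disconnect("too many failed userauth_requests");
-}
 
 user = packet_get_string(NULL);
 service = packet_get_string(NULL);
 method = packet_get_string(NULL);
 debug("userauth-request for user %s service %s method %s", user, service, method);
-debug("attempt #%d", authctxt->attempt);
+debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
-if (authctxt->attempt == 1) {
+if (authctxt->attempt++ == 0) {
 /* setup auth context */
 struct passwd *pw = NULL;
 setproctitle("%s", user);
@@ -273,7 +267,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method)
 /* Raise logging level */
 if (authenticated == 1 ||
 !authctxt->valid ||
-authctxt->attempt >= AUTH_FAIL_LOG ||
+authctxt->failures >= AUTH_FAIL_LOG ||
 strcmp(method, "password") == 0)
 authlog = log;
 
@@ -302,6 +296,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method)
 void
 userauth_reply(Authctxt *authctxt, int authenticated)
 {
+char *methods;
 /* XXX todo: check if multiple auth methods are needed */
 if (authenticated == 1) {
 #ifdef WITH_AIXAUTHENTICATE
@@ -318,7 +313,9 @@ userauth_reply(Authctxt *authctxt, int authenticated)
 /* now we can break out */
 authctxt->success = 1;
 } else if (authenticated == 0) {
-char *methods = authmethods_get();
+if (authctxt->failures++ >= AUTH_FAIL_MAX)
+packet_disconnect("too many failed userauth_requests");
+methods = authmethods_get();
 packet_start(SSH2_MSG_USERAUTH_FAILURE);
 packet_put_cstring(methods);
 packet_put_char(0); /* XXX partial success, unused */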
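Review bot: The new failure limit in `userauth_reply` disconnects without calling `loginfailed()`, which the removed check in `input_userauth_request` did under `WITH_AIXAUTHENTICATE`. Unless that failure is recorded elsewhere (not visible here), AIX builds lose the account-level failure record on this path; keep `loginfailed(authctxt->user?authctxt->user:"NOUSER", get_canonical_hostname(), "ssh");` under `#ifdef WITH_AIXAUTHENTICATE` in a braced body ahead of `packet_disconnect`. The limit also now counts only replies with `authenticated == 0`, while `attempt` keeps incrementing with no bound, so a request whose result is neither 0 nor 1 is never throttled in the visible code. A comment stating which results are deliberately exempt, or a separate cap on `attempt`, would make that explicit. `userauth_reply` starts in the previous hunk and continues past this one.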