From 3fcdfd55a3a3a16342a4f110f2dc1ba998526e47 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Thu, 5 May 2011 14:04:11 +1000
Subject:  - OpenBSD CVS Sync    - djm@cvs.openbsd.org 2011/03/10 02:52:57     
 [auth2-gss.c auth2.c]      allow GSSAPI authentication to detect when a
 server-side failure causes      authentication failure and don't count such
 failures against MaxAuthTries;      bz#1244 from simon AT sxw.org.uk; ok
 markus@ before lock

---
 auth2.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'auth2.c')

diff --git a/auth2.c b/auth2.c
index 95820f96f..c06c95f06 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.123 2011/03/10 02:52:57 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -274,6 +274,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 #endif
 
 	authctxt->postponed = 0;
+	authctxt->server_caused_failure = 0;
 
 	/* try to authenticate user */
 	m = authmethod_lookup(method);
@@ -346,7 +347,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 	} else {
 
 		/* Allow initial try of "none" auth without failure penalty */
-		if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
+		if (!authctxt->server_caused_failure &&
+		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 			authctxt->failures++;
 		if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
-- 
cgit v1.2.3