Handle PAM_MAXTRIES from modules.

bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer password and keyboard-interative authentication methods. Should prevent "sshd ignoring max retries" warnings in the log. ok djm@ It probably won't trigger with keyboard-interactive in the default configuration because the retry counter is stored in module-private storage which goes away with the sshd PAM process (see bz#688). On the other hand, those cases probably won't log a warning either.
author: Darren Tucker <dtucker@zip.com.au> 2016-07-18 09:33:25 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2016-07-18 09:33:25 +1000
commit: 01558b7b07af43da774d3a11a5c51fa9c310849d (patch)
tree: 97052332089b01018034206d1dcd683c4177f787 /auth-pam.h
parent: 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc (diff)
download: openssh-git-01558b7b07af43da774d3a11a5c51fa9c310849d.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/auth-pam.h b/auth-pam.h
index a1a2b52d..2e9a0c0a 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -45,6 +45,8 @@ void free_pam_environment(char **);
 void sshpam_thread_cleanup(void);
 void sshpam_cleanup(void);
 int sshpam_auth_passwd(Authctxt *, const char *);
+int sshpam_get_maxtries_reached(void);
+void sshpam_set_maxtries_reached(int);
 int is_pam_session_open(void);
 
 #endif /* USE_PAM */
author	Darren Tucker <dtucker@zip.com.au>	2016-07-18 09:33:25 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2016-07-18 09:33:25 +1000
commit	01558b7b07af43da774d3a11a5c51fa9c310849d (patch)
tree	97052332089b01018034206d1dcd683c4177f787 /auth-pam.h
parent	65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc (diff)
download	openssh-git-01558b7b07af43da774d3a11a5c51fa9c310849d.tar.gz