From 01558b7b07af43da774d3a11a5c51fa9c310849d Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Mon, 18 Jul 2016 09:33:25 +1000
Subject: Handle PAM_MAXTRIES from modules. bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer password and keyboard-interative authentication methods. Should prevent "sshd ignoring max retries" warnings in the log. ok djm@ It probably won't trigger with keyboard-interactive in the default configuration because the retry counter is stored in module-private storage which goes away with the sshd PAM process (see bz#688). On the other hand, those cases probably won't log a warning either.
---
 auth-pam.h | 2 ++
 1 file changed, 2 insertions(+) (limited to 'auth-pam.h')
diff --git a/auth-pam.h b/auth-pam.h
index a1a2b52d..2e9a0c0a 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -45,6 +45,8 @@ void free_pam_environment(char **);
 void sshpam_thread_cleanup(void);
 void sshpam_cleanup(void);
 int sshpam_auth_passwd(Authctxt *, const char *);
+int sshpam_get_maxtries_reached(void);
+void sshpam_set_maxtries_reached(int);
 int is_pam_session_open(void);
 
 #endif /* USE_PAM */
-- 
cgit v1.2.1
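Review bot: The two added prototypes, `sshpam_get_maxtries_reached(void)` and `sshpam_set_maxtries_reached(int)`, carry no comment saying what the int means or who is expected to call the setter, although the commit message describes this flag as what stops password and keyboard-interactive from being offered. A header comment such as `/* Nonzero once a PAM module has returned PAM_MAXTRIES; password and keyboard-interactive authentication are then no longer offered. */` above the pair would document that contract. Because the flag gates an authentication limit, the comment should also state whether it may ever be reset to 0 during a connection and in which process the value is authoritative. Neither can be confirmed here, since this view is limited to auth-pam.h and the implementation is outside it.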