- djm@cvs.openbsd.org 2008/07/04 23:30:16

[auth1.c auth2.c] Make protocol 1 MaxAuthTries logic match protocol 2's. Do not treat the first protocol 2 authentication attempt as a failure IFF it is for method "none". Makes MaxAuthTries' user-visible behaviour identical for protocol 1 vs 2. ok dtucker@
author: djm <djm> 2008-07-04 23:44:53 +0000
committer: djm <djm> 2008-07-04 23:44:53 +0000
commit: 07de296d34ba951cd787411d350aefb997457fe2 (patch)
tree: 4b8115cde4329ca590eb6fe69386e349b261d64b /auth1.c
parent: ca1ffcdb1060e5d59a0c9e9e4a05547da8082153 (diff)
download: openssh-07de296d34ba951cd787411d350aefb997457fe2.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/auth1.c b/auth1.c
index b5798f63..834ef045 100644
--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.72 2008/05/08 12:02:23 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -284,6 +284,8 @@ do_authloop(Authctxt *authctxt)
 		    type != SSH_CMSG_AUTH_TIS_RESPONSE)
 			abandon_challenge_response(authctxt);
 
+		if (authctxt->failures >= options.max_authtries)
+			goto skip;
 		if ((meth = lookup_authmethod1(type)) == NULL) {
 			logit("Unknown message during authentication: "
 			    "type %d", type);
@@ -368,7 +370,7 @@ do_authloop(Authctxt *authctxt)
 		if (authenticated)
 			return;
 
-		if (authctxt->failures++ > options.max_authtries) {
+		if (++authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif
author	djm <djm>	2008-07-04 23:44:53 +0000
committer	djm <djm>	2008-07-04 23:44:53 +0000
commit	07de296d34ba951cd787411d350aefb997457fe2 (patch)
tree	4b8115cde4329ca590eb6fe69386e349b261d64b /auth1.c
parent	ca1ffcdb1060e5d59a0c9e9e4a05547da8082153 (diff)
download	openssh-07de296d34ba951cd787411d350aefb997457fe2.tar.gz