diff options
author | djm <djm> | 2011-05-05 04:04:11 +0000 |
---|---|---|
committer | djm <djm> | 2011-05-05 04:04:11 +0000 |
commit | f2977107dbdbf3b4d19b6667f13c9b7c7686aeca (patch) | |
tree | 68551f407b947183476b830f3c7e66ce410cd04d /auth2.c | |
parent | 042761cdd0ee5f76ecd62ee1e9ae984cfbcda8e1 (diff) | |
download | openssh-f2977107dbdbf3b4d19b6667f13c9b7c7686aeca.tar.gz |
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/03/10 02:52:57
[auth2-gss.c auth2.c]
allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.123 2011/03/10 02:52:57 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -274,6 +274,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) #endif authctxt->postponed = 0; + authctxt->server_caused_failure = 0; /* try to authenticate user */ m = authmethod_lookup(method); @@ -346,7 +347,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) } else { /* Allow initial try of "none" auth without failure penalty */ - if (authctxt->attempt > 1 || strcmp(method, "none") != 0) + if (!authctxt->server_caused_failure && + (authctxt->attempt > 1 || strcmp(method, "none") != 0)) authctxt->failures++; if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS |