summaryrefslogtreecommitdiff
path: root/auth2.c
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2000-12-28 16:40:05 +0000
committerBen Lindstrom <mouring@eviladmin.org>2000-12-28 16:40:05 +0000
commit4dccfa5fb73853e6c9281beac2c42a31391acdc7 (patch)
tree2a64c6b1e096010f2b5fd45a08f9878cac5d400e /auth2.c
parent42717bf8fff94146edf43ea266113f1a54456c62 (diff)
- (bal) OpenBSD CVS Update
- markus@cvs.openbsd.org 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only - markus@cvs.openbsd.org 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too. - markus@cvs.openbsd.org 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D - markus@cvs.openbsd.org 2000/12/27 14:19:21 [serverloop.c] less chatty - markus@cvs.openbsd.org 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo - markus@cvs.openbsd.org 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine. - markus@cvs.openbsd.org 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND - markus@cvs.openbsd.org 2000/12/27 11:41:31 [sshd.8] update for ssh-2
Diffstat (limited to 'auth2.c')
-rw-r--r--auth2.c21
1 files changed, 9 insertions, 12 deletions
diff --git a/auth2.c b/auth2.c
index a0e6d577..4880b736 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.23 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.24 2000/12/28 14:25:51 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
@@ -124,6 +124,7 @@ do_authentication2()
memset(authctxt, 'a', sizeof(*authctxt));
authctxt->valid = 0;
authctxt->attempt = 0;
+ authctxt->failures = 0;
authctxt->success = 0;
x_authctxt = authctxt; /*XXX*/
@@ -190,21 +191,14 @@ input_userauth_request(int type, int plen, void *ctxt)
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
- if (authctxt->attempt++ >= AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- loginfailed(authctxt->user?authctxt->user:"NOUSER",
- get_canonical_hostname(), "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
- packet_disconnect("too many failed userauth_requests");
- }
user = packet_get_string(NULL);
service = packet_get_string(NULL);
method = packet_get_string(NULL);
debug("userauth-request for user %s service %s method %s", user, service, method);
- debug("attempt #%d", authctxt->attempt);
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
- if (authctxt->attempt == 1) {
+ if (authctxt->attempt++ == 0) {
/* setup auth context */
struct passwd *pw = NULL;
setproctitle("%s", user);
@@ -273,7 +267,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method)
/* Raise logging level */
if (authenticated == 1 ||
!authctxt->valid ||
- authctxt->attempt >= AUTH_FAIL_LOG ||
+ authctxt->failures >= AUTH_FAIL_LOG ||
strcmp(method, "password") == 0)
authlog = log;
@@ -302,6 +296,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method)
void
userauth_reply(Authctxt *authctxt, int authenticated)
{
+ char *methods;
/* XXX todo: check if multiple auth methods are needed */
if (authenticated == 1) {
#ifdef WITH_AIXAUTHENTICATE
@@ -318,7 +313,9 @@ userauth_reply(Authctxt *authctxt, int authenticated)
/* now we can break out */
authctxt->success = 1;
} else if (authenticated == 0) {
- char *methods = authmethods_get();
+ if (authctxt->failures++ >= AUTH_FAIL_MAX)
+ packet_disconnect("too many failed userauth_requests");
+ methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
packet_put_char(0); /* XXX partial success, unused */