diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2000-12-28 14:25:52 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-12-28 14:25:52 +0000 |
commit | 1edd9b601ff2a6c5adc28bcf24505588dba3ff38 (patch) | |
tree | d6a88a8b502202f9221b902f71ffbfda6212a121 /usr.bin | |
parent | 2b829e4616bee60f9d853b6fde9040cee82f20cf (diff) |
count authentication failures only
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/auth.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/auth2.c | 16 |
2 files changed, 11 insertions, 8 deletions
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h index 721d763ec08..3c2e00c0719 100644 --- a/usr.bin/ssh/auth.h +++ b/usr.bin/ssh/auth.h @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $OpenBSD: auth.h,v 1.7 2000/10/16 09:38:44 djm Exp $ + * $OpenBSD: auth.h,v 1.8 2000/12/28 14:25:51 markus Exp $ */ #ifndef AUTH_H #define AUTH_H @@ -31,6 +31,7 @@ struct Authctxt { int success; int valid; int attempt; + int failures; char *user; char *service; struct passwd *pw; diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c index 8abe1006f0a..844d39a81f4 100644 --- a/usr.bin/ssh/auth2.c +++ b/usr.bin/ssh/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.23 2000/12/19 23:17:55 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.24 2000/12/28 14:25:51 markus Exp $"); #include <openssl/dsa.h> #include <openssl/rsa.h> @@ -111,6 +111,7 @@ do_authentication2() memset(authctxt, 'a', sizeof(*authctxt)); authctxt->valid = 0; authctxt->attempt = 0; + authctxt->failures = 0; authctxt->success = 0; x_authctxt = authctxt; /*XXX*/ @@ -177,16 +178,14 @@ input_userauth_request(int type, int plen, void *ctxt) if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); - if (authctxt->attempt++ >= AUTH_FAIL_MAX) - packet_disconnect("too many failed userauth_requests"); user = packet_get_string(NULL); service = packet_get_string(NULL); method = packet_get_string(NULL); debug("userauth-request for user %s service %s method %s", user, service, method); - debug("attempt #%d", authctxt->attempt); + debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); - if (authctxt->attempt == 1) { + if (authctxt->attempt++ == 0) { /* setup auth context */ struct passwd *pw = NULL; setproctitle("%s", user); @@ -247,7 +246,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method) /* Raise logging level */ if (authenticated == 1 || !authctxt->valid || - authctxt->attempt >= AUTH_FAIL_LOG || + authctxt->failures >= AUTH_FAIL_LOG || strcmp(method, "password") == 0) authlog = log; @@ -276,6 +275,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method) void userauth_reply(Authctxt *authctxt, int authenticated) { + char *methods; /* XXX todo: check if multiple auth methods are needed */ if (authenticated == 1) { /* turn off userauth */ @@ -286,7 +286,9 @@ userauth_reply(Authctxt *authctxt, int authenticated) /* now we can break out */ authctxt->success = 1; } else if (authenticated == 0) { - char *methods = authmethods_get(); + if (authctxt->failures++ >= AUTH_FAIL_MAX) + packet_disconnect("too many failed userauth_requests"); + methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); packet_put_char(0); /* XXX partial success, unused */ |