authorMarkus Friedl <markus@cvs.openbsd.org>2000-12-28 14:25:52 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2000-12-28 14:25:52 +0000
commit1edd9b601ff2a6c5adc28bcf24505588dba3ff38 (patch)
treed6a88a8b502202f9221b902f71ffbfda6212a121 /usr.bin
parent2b829e4616bee60f9d853b6fde9040cee82f20cf (diff)
count authentication failures only
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/auth.h3
-rw-r--r--usr.bin/ssh/auth2.c16
2 files changed, 11 insertions, 8 deletions
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index 721d763ec08..3c2e00c0719 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -21,7 +21,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $OpenBSD: auth.h,v 1.7 2000/10/16 09:38:44 djm Exp $
+ * $OpenBSD: auth.h,v 1.8 2000/12/28 14:25:51 markus Exp $
*/
#ifndef AUTH_H
#define AUTH_H
@@ -31,6 +31,7 @@ struct Authctxt {
int success;
int valid;
int attempt;
+ int failures;
char *user;
char *service;
struct passwd *pw;
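Review bot: The new `failures` member is added without a comment, so a reader of auth.h cannot tell how it differs from the adjacent `attempt` counter. Based on the auth2.c hunks in this commit it is bumped only when userauth_reply() answers with SSH2_MSG_USERAUTH_FAILURE and is the value compared against AUTH_FAIL_MAX and AUTH_FAIL_LOG; I would document that on the field: `int failures; /* userauth requests answered with USERAUTH_FAILURE; limits in userauth_reply()/userauth_log() */`. A similar one-line comment on `attempt` (total userauth requests seen) would make the distinction explicit.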
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 8abe1006f0a..844d39a81f4 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.23 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.24 2000/12/28 14:25:51 markus Exp $");
#include <openssl/dsa.h>
#include <openssl/rsa.h>
@@ -111,6 +111,7 @@ do_authentication2()
memset(authctxt, 'a', sizeof(*authctxt));
authctxt->valid = 0;
authctxt->attempt = 0;
+ authctxt->failures = 0;
authctxt->success = 0;
x_authctxt = authctxt; /*XXX*/
@@ -177,16 +178,14 @@ input_userauth_request(int type, int plen, void *ctxt)
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
- if (authctxt->attempt++ >= AUTH_FAIL_MAX)
- packet_disconnect("too many failed userauth_requests");
user = packet_get_string(NULL);
service = packet_get_string(NULL);
method = packet_get_string(NULL);
debug("userauth-request for user %s service %s method %s", user, service, method);
- debug("attempt #%d", authctxt->attempt);
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
- if (authctxt->attempt == 1) {
+ if (authctxt->attempt++ == 0) {
/* setup auth context */
struct passwd *pw = NULL;
setproctitle("%s", user);
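Review bot: The new debug line prints `authctxt->attempt` before the post-increment on the following `if`, so the first request now logs "attempt 0" where the old message logged "attempt #1"; if the log is meant to stay 1-based, either move the increment above the debug call or print `authctxt->attempt + 1`. Separately, removing the `attempt++ >= AUTH_FAIL_MAX` guard here means a request is only charged against the limit when userauth_reply() is reached with authenticated == 0; any request path that returns another value, or never reaches userauth_reply(), is no longer bounded by AUTH_FAIL_MAX — presumably that is the intent of "count failures only", but it is worth stating in a comment at the removed check's location, e.g. `/* no per-request limit here; failures are counted in userauth_reply() */`. input_userauth_request() continues past the end of this hunk.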
@@ -247,7 +246,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method)
/* Raise logging level */
if (authenticated == 1 ||
!authctxt->valid ||
- authctxt->attempt >= AUTH_FAIL_LOG ||
+ authctxt->failures >= AUTH_FAIL_LOG ||
strcmp(method, "password") == 0)
authlog = log;
@@ -276,6 +275,7 @@ userauth_log(Authctxt *authctxt, int authenticated, char *method)
void
userauth_reply(Authctxt *authctxt, int authenticated)
{
+ char *methods;
/* XXX todo: check if multiple auth methods are needed */
if (authenticated == 1) {
/* turn off userauth */
@@ -286,7 +286,9 @@ userauth_reply(Authctxt *authctxt, int authenticated)
/* now we can break out */
authctxt->success = 1;
} else if (authenticated == 0) {
- char *methods = authmethods_get();
+ if (authctxt->failures++ >= AUTH_FAIL_MAX)
+ packet_disconnect("too many failed userauth_requests");
+ methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
packet_put_char(0); /* XXX partial success, unused */
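Review bot: The post-increment in `if (authctxt->failures++ >= AUTH_FAIL_MAX)` means the client receives AUTH_FAIL_MAX failure replies and is disconnected on the following failed request, i.e. the disconnect happens on failure number AUTH_FAIL_MAX + 1; this matches the semantics of the removed `attempt++` check, but nothing in the code says so. I would add a comment above the check: `/* allow AUTH_FAIL_MAX failure replies; disconnect on the next failed request */`. Note that `methods` was hoisted to function scope but is only assigned in this `authenticated == 0` branch, so it should not be referenced in the other branches without initialisation. userauth_reply() continues past the end of this hunk.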