diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2008-08-01 02:48:36 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2008-08-01 02:48:36 +0000 |
commit | d4af9e693f15f5155095f38c7650b24fe74ae351 (patch) | |
tree | ed813bdf7d8dbee35f19092d185e1a2793885204 /crypto/openssh/auth1.c | |
parent | b0f9661dfbf75198259c7128685d06cd91a18d61 (diff) | |
parent | bf2dc2ac25811c5fe81e4fd0837ef3c92a0c9c00 (diff) | |
download | src-d4af9e693f15f5155095f38c7650b24fe74ae351.tar.gz src-d4af9e693f15f5155095f38c7650b24fe74ae351.zip |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
Notes
Notes:
svn path=/head/; revision=181111
Diffstat (limited to 'crypto/openssh/auth1.c')
-rw-r--r-- | crypto/openssh/auth1.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c index b9d6b1115f4f..b8a255872327 100644 --- a/crypto/openssh/auth1.c +++ b/crypto/openssh/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.70 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -20,6 +20,7 @@ #include <unistd.h> #include <pwd.h> +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "rsa.h" #include "ssh1.h" @@ -283,6 +284,8 @@ do_authloop(Authctxt *authctxt) type != SSH_CMSG_AUTH_TIS_RESPONSE) abandon_challenge_response(authctxt); + if (authctxt->failures >= options.max_authtries) + goto skip; if ((meth = lookup_authmethod1(type)) == NULL) { logit("Unknown message during authentication: " "type %d", type); @@ -351,7 +354,7 @@ do_authloop(Authctxt *authctxt) msg[len] = '\0'; else msg = "Access denied."; - packet_disconnect(msg); + packet_disconnect("%s", msg); } #endif @@ -367,7 +370,7 @@ do_authloop(Authctxt *authctxt) if (authenticated) return; - if (authctxt->failures++ > options.max_authtries) { + if (++authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); #endif |