upstream: eliminate function-static attempt counters for

passwd/kbdint authmethods by moving them to the client authctxt; Patch from
Markus Schmidt, ok markus@

OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
djm@openbsd.org 2019-01-04 03:27:50 +00:00 committed by Damien Miller
parent 8a8183474c
commit 4a526941d3
1 changed files with 10 additions and 8 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.291 2018/12/27 03:25:25 djm Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.292 2019/01/04 03:27:50 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved.
@ -264,7 +264,6 @@ struct cauthctxt {
struct cauthmethod *method; struct cauthmethod *method;
sig_atomic_t success; sig_atomic_t success;
char *authlist; char *authlist;
int attempt;
/* pubkey */ /* pubkey */
struct idlist keys; struct idlist keys;
int agent_fd; int agent_fd;
@ -274,6 +273,9 @@ struct cauthctxt {
const char *active_ktype; const char *active_ktype;
/* kbd-interactive */ /* kbd-interactive */
int info_req_seen; int info_req_seen;
int attempt_kbdint;
/* password */
int attempt_passwd;
/* generic */ /* generic */
void *methoddata; void *methoddata;
}; };
@ -385,6 +387,8 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
authctxt.sensitive = sensitive; authctxt.sensitive = sensitive;
authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL; authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;
authctxt.info_req_seen = 0; authctxt.info_req_seen = 0;
authctxt.attempt_kbdint = 0;
authctxt.attempt_passwd = 0;
authctxt.agent_fd = -1; authctxt.agent_fd = -1;
pubkey_prepare(&authctxt); pubkey_prepare(&authctxt);
if (authctxt.method == NULL) { if (authctxt.method == NULL) {
@ -954,16 +958,15 @@ int
userauth_passwd(Authctxt *authctxt) userauth_passwd(Authctxt *authctxt)
{ {
struct ssh *ssh = active_state; /* XXX */ struct ssh *ssh = active_state; /* XXX */
static int attempt = 0;
char *password, *prompt = NULL; char *password, *prompt = NULL;
const char *host = options.host_key_alias ? options.host_key_alias : const char *host = options.host_key_alias ? options.host_key_alias :
authctxt->host; authctxt->host;
int r; int r;
if (attempt++ >= options.number_of_password_prompts) if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
return 0; return 0;
if (attempt != 1) if (authctxt->attempt_passwd != 1)
error("Permission denied, please try again."); error("Permission denied, please try again.");
xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host); xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
@ -1705,13 +1708,12 @@ int
userauth_kbdint(Authctxt *authctxt) userauth_kbdint(Authctxt *authctxt)
{ {
struct ssh *ssh = active_state; /* XXX */ struct ssh *ssh = active_state; /* XXX */
static int attempt = 0;
int r; int r;
if (attempt++ >= options.number_of_password_prompts) if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts)
return 0; return 0;
/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
if (attempt > 1 && !authctxt->info_req_seen) { if (authctxt->attempt_kbdint > 1 && !authctxt->info_req_seen) {
debug3("userauth_kbdint: disable: no info_req_seen"); debug3("userauth_kbdint: disable: no info_req_seen");
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
return 0; return 0;
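Review bot: With the counters no longer function-static, nothing zero-initialises them implicitly, so the `number_of_password_prompts` limit checked in userauth_passwd() and userauth_kbdint() now depends on every Authctxt being set up by hand, as the ssh_userauth2() hunk does with `authctxt.attempt_kbdint = 0;` and `authctxt.attempt_passwd = 0;`. The start of ssh_userauth2() lies outside the hunk, so it is not visible whether the struct is cleared as a whole first; if it is not, consider `memset(&authctxt, 0, sizeof(authctxt));` ahead of the field-by-field assignments, so that a counter added later cannot start from an indeterminate stack value and shorten or extend the prompt bound. The new struct members would also benefit from a short comment each, for example `int attempt_passwd; /* userauth_passwd() calls made with this context */`.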