diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-01-04 04:27:50 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-01-04 04:29:37 +0100 |
| commit | 4a526941d328fc3d97068c6a4cbd9b71b70fe5e1 (patch) | |
| tree | 4b622c692639d3a64e644bc0a0c6e258f65373d3 | |
| parent | upstream: fix memory leak of ciphercontext when rekeying; bz#2942 (diff) | |
| download | openssh-4a526941d328fc3d97068c6a4cbd9b71b70fe5e1.tar.xz openssh-4a526941d328fc3d97068c6a4cbd9b71b70fe5e1.zip | |
upstream: eliminate function-static attempt counters for
passwd/kbdint authmethods by moving them to the client authctxt; Patch from
Markus Schmidt, ok markus@
OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
| -rw-r--r-- | sshconnect2.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 19caebabc..0e8f323d6 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.291 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.292 2019/01/04 03:27:50 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -264,7 +264,6 @@ struct cauthctxt { struct cauthmethod *method; sig_atomic_t success; char *authlist; - int attempt; /* pubkey */ struct idlist keys; int agent_fd; @@ -274,6 +273,9 @@ struct cauthctxt { const char *active_ktype; /* kbd-interactive */ int info_req_seen; + int attempt_kbdint; + /* password */ + int attempt_passwd; /* generic */ void *methoddata; }; @@ -385,6 +387,8 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, authctxt.sensitive = sensitive; authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL; authctxt.info_req_seen = 0; + authctxt.attempt_kbdint = 0; + authctxt.attempt_passwd = 0; authctxt.agent_fd = -1; pubkey_prepare(&authctxt); if (authctxt.method == NULL) { @@ -954,16 +958,15 @@ int userauth_passwd(Authctxt *authctxt) { struct ssh *ssh = active_state; /* XXX */ - static int attempt = 0; char *password, *prompt = NULL; const char *host = options.host_key_alias ? options.host_key_alias : authctxt->host; int r; - if (attempt++ >= options.number_of_password_prompts) + if (authctxt->attempt_passwd++ >= options.number_of_password_prompts) return 0; - if (attempt != 1) + if (authctxt->attempt_passwd != 1) error("Permission denied, please try again."); xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host); @@ -1705,13 +1708,12 @@ int userauth_kbdint(Authctxt *authctxt) { struct ssh *ssh = active_state; /* XXX */ - static int attempt = 0; int r; - if (attempt++ >= options.number_of_password_prompts) + if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts) return 0; /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ - if (attempt > 1 && !authctxt->info_req_seen) { + if (authctxt->attempt_kbdint > 1 && !authctxt->info_req_seen) { debug3("userauth_kbdint: disable: no info_req_seen"); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); return 0; |