- djm@cvs.openbsd.org 2008/07/02 12:36:39
     [auth2-none.c auth2.c]
     Make protocol 2 MaxAuthTries behaviour a little more sensible:
     Check whether client has exceeded MaxAuthTries before running
     an authentication method and skip it if they have, previously it
     would always allow one try (for "none" auth).
     Preincrement failure count before post-auth test - previously this
     checked and postincremented, also to allow one "none" try.
     Together, these two changes mean the "none" auth method is always
     counted; previously a malicious client (e.g. an SSH worm) could
     skip it to get an extra attempt at a real auth method. They also
     make MaxAuthTries=0 a useful way to block users entirely (esp. in
     a sshd_config Match block).
     Also, move sending of any preauth banner from "none" auth method
     to the first call to input_userauth_request(), so worms that skip
     the "none" method get to see it too.
3 files changed
tree: 68bd413a4e590c6aae5ea8e0b90c76baf933a7e6