From 0b4d48ba74cca40e983d96ba13e66908cf5b5666 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sat, 5 Jul 2008 09:44:53 +1000
Subject:    - djm@cvs.openbsd.org 2008/07/04 23:30:16      [auth1.c auth2.c]  
    Make protocol 1 MaxAuthTries logic match protocol 2's.      Do not treat
 the first protocol 2 authentication attempt as      a failure IFF it is for
 method "none".      Makes MaxAuthTries' user-visible behaviour identical for 
     protocol 1 vs 2.      ok dtucker@

---
 auth1.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'auth1.c')

diff --git a/auth1.c b/auth1.c
index b5798f63..834ef045 100644
--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.72 2008/05/08 12:02:23 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -284,6 +284,8 @@ do_authloop(Authctxt *authctxt)
 		    type != SSH_CMSG_AUTH_TIS_RESPONSE)
 			abandon_challenge_response(authctxt);
 
+		if (authctxt->failures >= options.max_authtries)
+			goto skip;
 		if ((meth = lookup_authmethod1(type)) == NULL) {
 			logit("Unknown message during authentication: "
 			    "type %d", type);
@@ -368,7 +370,7 @@ do_authloop(Authctxt *authctxt)
 		if (authenticated)
 			return;
 
-		if (authctxt->failures++ > options.max_authtries) {
+		if (++authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif
-- 
cgit v1.2.3