Bugzilla – Attachment 1196 Details for
Bug 1244
Detect auth configuration failures and don't count them against the client
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to add support for noting server caused failures
openssh-servercaused.patch (text/plain), 1.77 KB, created by
Simon Wilkinson
on 2006-10-03 05:08:39 AEST
(
hide
)
Description:
Patch to add support for noting server caused failures
Filename:
MIME Type:
Creator:
Simon Wilkinson
Created:
2006-10-03 05:08:39 AEST
Size:
1.77 KB
patch
obsolete
>Index: auth.h >=================================================================== >RCS file: /cvs/openssh/auth.h,v >retrieving revision 1.76 >diff -u -r1.76 auth.h >--- auth.h 18 Aug 2006 14:32:46 -0000 1.76 >+++ auth.h 2 Oct 2006 18:34:50 -0000 >@@ -53,6 +53,7 @@ > int valid; /* user exists and is allowed to login */ > int attempt; > int failures; >+ int server_caused_failure; > int force_pwchange; > char *user; /* username sent by the client */ > char *service; >Index: auth2-gss.c >=================================================================== >RCS file: /cvs/openssh/auth2-gss.c,v >retrieving revision 1.18 >diff -u -r1.18 auth2-gss.c >--- auth2-gss.c 1 Sep 2006 05:38:36 -0000 1.18 >+++ auth2-gss.c 2 Oct 2006 18:34:50 -0000 >@@ -102,6 +102,7 @@ > > if (!present) { > xfree(doid); >+ authctxt->server_caused_failure = 1; > return (0); > } > >@@ -109,6 +110,7 @@ > if (ctxt != NULL) > ssh_gssapi_delete_ctx(&ctxt); > xfree(doid); >+ authctxt->server_caused_failure = 1; > return (0); > } > >Index: auth2.c >=================================================================== >RCS file: /cvs/openssh/auth2.c,v >retrieving revision 1.142 >diff -u -r1.142 auth2.c >--- auth2.c 5 Aug 2006 02:39:39 -0000 1.142 >+++ auth2.c 2 Oct 2006 18:34:51 -0000 >@@ -199,6 +199,7 @@ > #endif > > authctxt->postponed = 0; >+ authctxt->server_caused_failure = 0; > > /* try to authenticate user */ > m = authmethod_lookup(method); >@@ -269,7 +270,9 @@ > /* now we can break out */ > authctxt->success = 1; > } else { >- if (authctxt->failures++ > options.max_authtries) { >+ /* Dont count server configuration issues against the client */ >+ if (!authctxt->server_caused_failure && >+ authctxt->failures++ > options.max_authtries) { > #ifdef SSH_AUDIT_EVENTS > PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); > #endif
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1196">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1244
: 1196