
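--- a/auth.c
+++ b/auth.c
@@ -170,7 +170,7 @@ auth_log(Authctxt *authctxt, int authent
 	/* Raise logging level */
 	if (authenticated == 1 ||
 	    !authctxt->valid ||
-	    authctxt->failures >= AUTH_FAIL_LOG ||
+	    authctxt->failures >= options.max_authtries / 2 ||
 	    strcmp(method, "password") == 0)
 		authlog = logit;
 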
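Review bot: The raised-log threshold at line 173 is now derived from the configured limit by integer division, and nothing in the code says so. A limit of 1 gives a threshold of 0, so every failure is logged at the raised level, while a large limit pushes the raised level for non-password methods back by the same factor, which matters to anyone who alerts on these log lines. Extending the existing comment to something like `/* Raise logging level once half of MaxAuthTries failures are reached (integer division) */` would make the coupling visible. auth_log's body starts and ends outside the hunk.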
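--- a/auth.h
+++ b/auth.h
@@ -172,8 +172,6 @@ void auth_debug_reset(void);
 
 struct passwd *fakepw(void);
 
-#define AUTH_FAIL_MAX 6
-#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
 #define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
 
 #define SKEY_PROMPT "\nS/Key Password: "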
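--- a/auth1.c
+++ b/auth1.c
@@ -222,7 +222,7 @@ do_authloop(Authctxt *authctxt)
 		if (authenticated)
 			return;
 
-		if (authctxt->failures++ > AUTH_FAIL_MAX)
+		if (authctxt->failures++ > options.max_authtries)
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
 
 		packet_start(SSH_SMSG_FAILURE);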
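Review bot: The post-increment compared with `>` at line 225 lets a client fail more often than the configured value before it is disconnected: with a limit of N the test is first true when `failures` already holds N+1, assuming the counter starts at 0 and is only incremented here. That slack was hidden behind the old constant, but the limit is now an administrator-facing setting, so either tighten the test, e.g. `if (++authctxt->failures >= options.max_authtries)`, or document the option as the number of failures tolerated rather than attempts allowed. The same comparison appears in userauth_finish() in auth2.c at line 235. do_authloop's body starts and ends outside the hunk.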
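--- a/auth2.c
+++ b/auth2.c
@@ -232,7 +232,7 @@ userauth_finish(Authctxt *authctxt, int
 		/* now we can break out */
 		authctxt->success = 1;
 	} else {
-		if (authctxt->failures++ > AUTH_FAIL_MAX)
+		if (authctxt->failures++ > options.max_authtries)
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
 		methods = authmethods_get();
 		packet_start(SSH2_MSG_USERAUTH_FAILURE);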
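--- a/servconf.c
+++ b/servconf.c
@@ -89,6 +89,7 @@ initialize_server_options(ServerOptions
 	options->max_startups_begin = -1;
 	options->max_startups_rate = -1;
 	options->max_startups = -1;
+	options->max_authtries = -1;
 	options->banner = NULL;
 	options->use_dns = -1;
 	options->client_alive_interval = -1;
@@ -199,6 +200,8 @@ fill_default_server_options(ServerOption
 		options->max_startups_rate = 100;		/* 100% */
 	if (options->max_startups_begin == -1)
 		options->max_startups_begin = options->max_startups;
+	if (options->max_authtries == -1)
+		options->max_authtries = 6;
 	if (options->use_dns == -1)
 		options->use_dns = 1;
 	if (options->client_alive_interval == -1)
@@ -235,7 +238,8 @@ typedef enum {
 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
-	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
+	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
+	sMaxStartups, sMaxAuthTries,
 	sBanner, sUseDNS, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
@@ -315,6 +319,7 @@ static struct {
 	{ "gatewayports", sGatewayPorts },
 	{ "subsystem", sSubsystem },
 	{ "maxstartups", sMaxStartups },
+	{ "maxauthtries", sMaxAuthTries },
 	{ "banner", sBanner },
 	{ "usedns", sUseDNS },
 	{ "verifyreversemapping", sDeprecated },
@@ -815,6 +820,10 @@ parse_flag:
 		else
 			options->max_startups = options->max_startups_begin;
 		break;
+
+	case sMaxAuthTries:
+		intptr = &options->max_authtries;
+		goto parse_int;
 
 	case sBanner:
 		charptr = &options->banner;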
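Review bot: The `case sMaxAuthTries` branch hands the value straight to `parse_int`, and nothing visible in this section checks its range before auth1.c and auth2.c compare the failure counter against it. A zero, negative or very large value would then be accepted silently, and a very large one effectively removes the per-connection limit on failed attempts that the old constant guaranteed. I would reject values below 1 at parse time with the file's usual configuration error and consider an upper bound or a logged warning; the `parse_int` label is outside the hunk, so it may already do part of this. The default `6` in fill_default_server_options also repeats the removed AUTH_FAIL_MAX as a bare literal and deserves a named constant or a comment.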
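--- a/servconf.h
+++ b/servconf.h
@@ -108,6 +108,7 @@ typedef struct {
 	int	max_startups_begin;
 	int	max_startups_rate;
 	int	max_startups;
+	int	max_authtries;
 	char   *banner;			/* SSH-2 banner message */
 	int	use_dns;
 	int	client_alive_interval;	/*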
