In sshconnect2.c the userauth_passwd() and userauth_kbdint() functions
have a static int variable to count the password attempts.
I think these should be placed into the authentication-context
(Authctxt) instead.
Also, in the cauthctxt struct, there is an unused structure member named
attempt.
Markus
diff --git a/sshconnect2.c b/sshconnect2.c
index 1675f39..757e25e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -268,7 +268,6 @@ struct cauthctxt {
struct cauthmethod *method;
sig_atomic_t success;
char *authlist;
- int attempt;
/* pubkey */
struct idlist keys;
int agent_fd;
@@ -278,6 +277,9 @@ struct cauthctxt {
const char *active_ktype;
/* kbd-interactive */
int info_req_seen;
+ int attempt_kbdint;
+ /* password */
+ int attempt_passwd;
/* generic */
void *methoddata;
};
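Review bot: The new fields `attempt_kbdint` and `attempt_passwd` in `struct cauthctxt` have no comment saying what they count or which option bounds them. Going by the later hunks, each is incremented once per call to its userauth function and compared with `options.number_of_password_prompts`, so a trailing comment such as `int attempt_passwd; /* userauth_passwd() calls so far, capped by number_of_password_prompts */` (and the same for `attempt_kbdint`) would document that. Because the counters now live in the context rather than in function-local statics, the limit restarts whenever a fresh context is initialised; that looks intended, but it is worth stating next to the fields. The struct definition starts above this hunk.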
@@ -391,6 +393,8 @@ ssh_userauth2(const char *local_user, const char
*server_user, char *host,
authctxt.sensitive = sensitive;
authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;
authctxt.info_req_seen = 0;
+ authctxt.attempt_kbdint = 0;
+ authctxt.attempt_passwd = 0;
authctxt.agent_fd = -1;
if (authctxt.method == NULL)
fatal("ssh_userauth2: internal error: cannot send userauth none
request");
@@ -957,17 +961,16 @@ int
userauth_passwd(Authctxt *authctxt)
{
struct ssh *ssh = active_state; /* XXX */
- static int attempt = 0;
char prompt[256];
char *password;
const char *host = options.host_key_alias ? options.host_key_alias :
authctxt->host;
int r;
- if (attempt++ >= options.number_of_password_prompts)
+ if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
return 0;
- if (attempt != 1)
+ if (authctxt->attempt_passwd != 1)
error("Permission denied, please try again.");
snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
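Review bot: The guard `authctxt->attempt_passwd++ >= options.number_of_password_prompts` increments the counter as a side effect, and the `!= 1` test right after it silently depends on that ordering. A one-line comment would make this explicit, for example `/* attempt_passwd was already incremented above; 1 means this is the first prompt */`. The userauth_kbdint hunk has the same pattern with `authctxt->attempt_kbdint > 1`. It would also help to note in the function comment that this count only limits how often the client prompts and is not an enforcement point, since the server has to apply its own limit on failed attempts. userauth_passwd's body continues past the end of the hunk.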
@@ -1707,13 +1710,12 @@ int
userauth_kbdint(Authctxt *authctxt)
{
struct ssh *ssh = active_state; /* XXX */
- static int attempt = 0;
int r;
- if (attempt++ >= options.number_of_password_prompts)
+ if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts)
return 0;
/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
- if (attempt > 1 && !authctxt->info_req_seen) {
+ if (authctxt->attempt_kbdint > 1 && !authctxt->info_req_seen) {
debug3("userauth_kbdint: disable: no info_req_seen");
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
return 0;