- djm@cvs.openbsd.org 2008/07/02 12:36:39
     [auth2-none.c auth2.c]
     Make protocol 2 MaxAuthTries behaviour a little more sensible:
     Check whether client has exceeded MaxAuthTries before running
     an authentication method and skip it if they have, previously it
     would always allow one try (for "none" auth).
     Preincrement failure count before post-auth test - previously this
     checked and postincremented, also to allow one "none" try.
     Together, these two changes ensure that the "none" auth method is
     always counted; previously a malicious client (e.g. an SSH worm)
     could skip it to get an extra attempt at a real auth method. They also make
     MaxAuthTries=0 a useful way to block users entirely (esp. in a
     sshd_config Match block).
     Also, move sending of any preauth banner from "none" auth method
     to the first call to input_userauth_request(), so worms that skip
     the "none" method get to see it too.
3 files changed
tree: 68bd413a4e590c6aae5ea8e0b90c76baf933a7e6