1c1
< /* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */
---
> /* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
27c27
< __RCSID("$FreeBSD: head/crypto/openssh/auth2.c 181097 2008-08-01 01:13:41Z des $");
---
> __RCSID("$FreeBSD: head/crypto/openssh/auth2.c 181111 2008-08-01 02:48:36Z des $");
29a30,31
> #include <sys/stat.h>
> #include <sys/uio.h>
30a33
> #include <fcntl.h>
33a37
> #include <unistd.h>
35a40
> #include "atomicio.h"
92d96
< int user_key_allowed(struct passwd *, Key *);
93a98,162
> char *
> auth2_read_banner(void)
> {
> struct stat st;
> char *banner = NULL;
> size_t len, n;
> int fd;
>
> if ((fd = open(options.banner, O_RDONLY)) == -1)
> return (NULL);
> if (fstat(fd, &st) == -1) {
> close(fd);
> return (NULL);
> }
> if (st.st_size > 1*1024*1024) {
> close(fd);
> return (NULL);
> }
>
> len = (size_t)st.st_size; /* truncate */
> banner = xmalloc(len + 1);
> n = atomicio(read, fd, banner, len);
> close(fd);
>
> if (n != len) {
> xfree(banner);
> return (NULL);
> }
> banner[n] = '\0';
>
> return (banner);
> }
>
> void
> userauth_send_banner(const char *msg)
> {
> if (datafellows & SSH_BUG_BANNER)
> return;
>
> packet_start(SSH2_MSG_USERAUTH_BANNER);
> packet_put_cstring(msg);
> packet_put_cstring(""); /* language, unused */
> packet_send();
> debug("%s: sent", __func__);
> }
>
> static void
> userauth_banner(void)
> {
> char *banner = NULL;
>
> if (options.banner == NULL ||
> strcasecmp(options.banner, "none") == 0 ||
> (datafellows & SSH_BUG_BANNER) != 0)
> return;
>
> if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
> goto done;
> userauth_send_banner(banner);
>
> done:
> if (banner)
> xfree(banner);
> }
>
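Review bot: auth2_read_banner() accepts whatever `options.banner` points at: there is no regular-file check after `fstat()` and no rejection of a negative `st_size` before `len = (size_t)st.st_size`. For a FIFO or device `st_size` is not meaningful, and the `open()` itself may block. Tightening the size test to `if (!S_ISREG(st.st_mode) || st.st_size < 0 || st.st_size > 1*1024*1024) {` covers the parts that can be checked after the open. The `/* truncate */` comment is misleading, since the 1 MiB cap has already bounded the value by then; something like `/* bounded by the 1 MiB cap above */` would describe it better. Every failure path returns NULL silently, so the function deserves a header comment stating that NULL means "no banner" for any error and that the caller owns the returned buffer and must release it with `xfree()`.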
97d165
<
101,104d168
< /* challenge-response is implemented via keyboard interactive */
< if (options.challenge_response_authentication)
< options.kbd_interactive_authentication = 1;
<
195a260
> userauth_banner();
235c300
< if (m != NULL) {
---
> if (m != NULL && authctxt->failures < options.max_authtries) {
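Review bot: The added `authctxt->failures < options.max_authtries` guard carries no comment, although it encodes the same limit as the `authctxt->failures >= options.max_authtries` test in the 302c367,371 hunk, so the two comparisons have to be kept in step. A line such as `/* do not run any method once the failure limit has been reached */` above the `if` would make that explicit. When the guard is false the request falls through without a method being invoked. What gets logged in that case lies outside the hunk; a log record for requests refused this way would help when reviewing password-guessing activity.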
302c367,371
< if (authctxt->failures++ > options.max_authtries) {
---
>
> /* Allow initial try of "none" auth without failure penalty */
> if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
> authctxt->failures++;
> if (authctxt->failures >= options.max_authtries) {
318,319d386
< #define DELIM ","
<
359a427
>