auth*.c

mandar at webchat.chatsystems.com
Wed Dec 26 11:34:36 EST 2001


Folks,

During testing, we found a couple of issues with openssh3.0.2p1:

1. In userauth_finish() in auth2.c (as well as in do_authloop in auth1.c),
the foll. check:

  if (authctxt->failures++ > AUTH_FAIL_MAX)

is never satisfied and thus packet_disconnect() never gets called. I
suspect the code just drops out of the dispatch_run function list instead.
This should be an == instead of >. While looking at the debug output
when deliberately entering wrong passwords, I noticed one try for none,
three for password, and then three for keyboard-interactive, at which point
authctxt->failures is 6, and then the loop completes.

2. I'd like to move loginfailed() within the #ifdef WITH_AIXAUTHENTICATE
of auth1.c and auth2.c to auth_log() instead, and call it on every
password method failure, as well as an overall authctxt->failures ==
AUTH_FAIL_MAX check for the other methods. This should clean up the code a
bit, and should fix the issue of the unsuccessful login counter not being
incremented on each unsuccessful try.


Please let me know if I should go ahead and submit cdiffs for auth.c,
auth1.c and auth2.c through bugzilla, or if these problems are already
known/assigned/resolved, or if I've missed something... thanks.

- Mandar
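The example below is added here as an illustration and is not code from the post or from OpenSSH. It models only the quoted condition, with the counter modified inside the expression as the post shows it, and assumes AUTH_FAIL_MAX is 6 (consistent with the post's observation that authctxt->failures reached 6 before the dispatch loop completed). It goes slightly beyond the post by reporting, for each comparison form, on which failed attempt the disconnect would fire, including a pre-increment form that fires on the sixth failure; the names and the six-failure budget are constructed for the model.

```c
#include <stdio.h>

/* Constructed model of the failure-count check quoted in the post.
 * AUTH_FAIL_MAX is assumed to be 6, matching the six failures the post
 * observed before the dispatch loop completed. */
#define AUTH_FAIL_MAX 6

/* Failures the post reports seeing in one session: one "none" try,
 * three "password" tries, three "keyboard-interactive" tries, ending
 * with authctxt->failures == 6. Only the count matters for this model. */
#define OBSERVED_FAILURES 6

/* Each variant evaluates its condition exactly as written, with the
 * counter changed inside the expression, so the comparison sees either
 * the old value (post-increment) or the new value (pre-increment). */
static int check_post_gt(int *f) { return (*f)++ > AUTH_FAIL_MAX; }  /* form quoted in the post */
static int check_post_eq(int *f) { return (*f)++ == AUTH_FAIL_MAX; } /* the post's proposed form */
static int check_pre_ge(int *f)  { return ++(*f) >= AUTH_FAIL_MAX; } /* increment first, then compare */

/* Feed `budget` consecutive failures through `check`. Returns the 1-based
 * failure on which a disconnect would fire, or 0 if the budget runs out
 * first, i.e. the loop simply completes as the post describes. */
static int failure_that_disconnects(int (*check)(int *), int budget)
{
    int failures = 0;
    for (int attempt = 1; attempt <= budget; attempt++) {
        if (check(&failures))
            return attempt;
    }
    return 0;
}

/* Smallest number of consecutive failures under which a variant ever
 * disconnects: how many bad attempts each comparison really tolerates. */
static int failures_needed(int (*check)(int *))
{
    int budget = 1;
    while (!failure_that_disconnects(check, budget))
        budget++;
    return budget;
}

int main(void)
{
    struct { const char *name; int (*check)(int *); } variants[] = {
        { "failures++ >  AUTH_FAIL_MAX", check_post_gt },
        { "failures++ == AUTH_FAIL_MAX", check_post_eq },
        { "++failures >= AUTH_FAIL_MAX", check_pre_ge },
    };
    for (size_t i = 0; i < sizeof variants / sizeof variants[0]; i++) {
        int at = failure_that_disconnects(variants[i].check, OBSERVED_FAILURES);
        printf("%-28s fires on failure %d; with %d observed: %s\n",
               variants[i].name, failures_needed(variants[i].check),
               OBSERVED_FAILURES,
               at ? "disconnects" : "never disconnects, loop completes");
    }
    return 0;
}
```

Because the counter starts at zero and the post-increment form compares the old value, `> AUTH_FAIL_MAX` cannot be true until the eighth failure and `== AUTH_FAIL_MAX` until the seventh, so neither is reached within the six-failure session the post observed; a pre-increment `>=` check is the form that fires on exactly the sixth.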