From abf999a8097b318394f084daf70a9c1b87985763 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Sat, 20 Nov 2004 17:11:38 +0000 Subject: [PATCH] As a result of the policy allowing changes of username to reset the authentication state, a failed `password' authentication in SSH-2 was sending us back to trying `none' and `keyboard-interactive' each time round, which uses up OpenSSH's quota of authentication attempts rather quickly. Added a check for `cfg.change_username' to the logic which sends us back to the start. [originally from svn r4849] --- ssh.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ssh.c b/ssh.c index ee5a0894..461ade68 100644 --- a/ssh.c +++ b/ssh.c @@ -5003,7 +5003,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) * Additionally, if we'd just tried password * authentication, we should break out of this * whole loop so as to go back to the username - * prompt. + * prompt (iff we're configured to allow + * username change attempts). */ if (s->type == AUTH_TYPE_NONE) { /* do nothing */ @@ -5017,7 +5018,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) } else { c_write_str(ssh, "Access denied\r\n"); logevent("Access denied"); - if (s->type == AUTH_TYPE_PASSWORD) { + if (s->type == AUTH_TYPE_PASSWORD && + ssh->cfg.change_username) { s->we_are_in = FALSE; break; }