summaryrefslogtreecommitdiffstats
path: root/auth-pam.h
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2016-07-18 01:33:25 +0200
committerDarren Tucker <dtucker@zip.com.au>2016-07-18 01:33:25 +0200
commit01558b7b07af43da774d3a11a5c51fa9c310849d (patch)
tree97052332089b01018034206d1dcd683c4177f787 /auth-pam.h
parentupstream commit (diff)
downloadopenssh-01558b7b07af43da774d3a11a5c51fa9c310849d.tar.xz
openssh-01558b7b07af43da774d3a11a5c51fa9c310849d.zip
Handle PAM_MAXTRIES from modules.
bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer password and keyboard-interative authentication methods. Should prevent "sshd ignoring max retries" warnings in the log. ok djm@ It probably won't trigger with keyboard-interactive in the default configuration because the retry counter is stored in module-private storage which goes away with the sshd PAM process (see bz#688). On the other hand, those cases probably won't log a warning either.
Diffstat (limited to 'auth-pam.h')
-rw-r--r--auth-pam.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/auth-pam.h b/auth-pam.h
index a1a2b52d8..2e9a0c0a3 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -45,6 +45,8 @@ void free_pam_environment(char **);
void sshpam_thread_cleanup(void);
void sshpam_cleanup(void);
int sshpam_auth_passwd(Authctxt *, const char *);
+int sshpam_get_maxtries_reached(void);
+void sshpam_set_maxtries_reached(int);
int is_pam_session_open(void);
#endif /* USE_PAM */