diff options
author | Darren Tucker <dtucker@zip.com.au> | 2016-07-18 01:33:25 +0200 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2016-07-18 01:33:25 +0200 |
commit | 01558b7b07af43da774d3a11a5c51fa9c310849d (patch) | |
tree | 97052332089b01018034206d1dcd683c4177f787 /auth-pam.h | |
parent | upstream commit (diff) | |
download | openssh-01558b7b07af43da774d3a11a5c51fa9c310849d.tar.xz openssh-01558b7b07af43da774d3a11a5c51fa9c310849d.zip |
Handle PAM_MAXTRIES from modules.
bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
password and keyboard-interative authentication methods. Should prevent
"sshd ignoring max retries" warnings in the log. ok djm@
It probably won't trigger with keyboard-interactive in the default
configuration because the retry counter is stored in module-private
storage which goes away with the sshd PAM process (see bz#688). On the
other hand, those cases probably won't log a warning either.
Diffstat (limited to 'auth-pam.h')
-rw-r--r-- | auth-pam.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/auth-pam.h b/auth-pam.h index a1a2b52d8..2e9a0c0a3 100644 --- a/auth-pam.h +++ b/auth-pam.h @@ -45,6 +45,8 @@ void free_pam_environment(char **); void sshpam_thread_cleanup(void); void sshpam_cleanup(void); int sshpam_auth_passwd(Authctxt *, const char *); +int sshpam_get_maxtries_reached(void); +void sshpam_set_maxtries_reached(int); int is_pam_session_open(void); #endif /* USE_PAM */ |