===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- src/usr.bin/ssh/auth2.c	2000/12/19 23:17:55	1.23
+++ src/usr.bin/ssh/auth2.c	2000/12/28 14:25:51	1.24
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.23 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.24 2000/12/28 14:25:51 markus Exp $");
 
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
@@ -111,6 +111,7 @@
 	memset(authctxt, 'a', sizeof(*authctxt));
 	authctxt->valid = 0;
 	authctxt->attempt = 0;
+	authctxt->failures = 0;
 	authctxt->success = 0;
 	x_authctxt = authctxt;		/*XXX*/
 
@@ -177,16 +178,14 @@
 
 	if (authctxt == NULL)
 		fatal("input_userauth_request: no authctxt");
-	if (authctxt->attempt++ >= AUTH_FAIL_MAX)
-		packet_disconnect("too many failed userauth_requests");
 
 	user = packet_get_string(NULL);
 	service = packet_get_string(NULL);
 	method = packet_get_string(NULL);
 	debug("userauth-request for user %s service %s method %s", user, service, method);
-	debug("attempt #%d", authctxt->attempt);
+	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
-	if (authctxt->attempt == 1) { 
+	if (authctxt->attempt++ == 0) { 
 		/* setup auth context */
 		struct passwd *pw = NULL;
 		setproctitle("%s", user);
@@ -247,7 +246,7 @@
 	/* Raise logging level */
 	if (authenticated == 1 ||
 	    !authctxt->valid ||
-	    authctxt->attempt >= AUTH_FAIL_LOG ||
+	    authctxt->failures >= AUTH_FAIL_LOG ||
 	    strcmp(method, "password") == 0)
 		authlog = log;
 
@@ -276,6 +275,7 @@
 void   
 userauth_reply(Authctxt *authctxt, int authenticated)
 {
+	char *methods;
 	/* XXX todo: check if multiple auth methods are needed */
 	if (authenticated == 1) {
 		/* turn off userauth */
@@ -286,7 +286,9 @@
 		/* now we can break out */
 		authctxt->success = 1;
 	} else if (authenticated == 0) {
-		char *methods = authmethods_get();
+		if (authctxt->failures++ >= AUTH_FAIL_MAX)
+			packet_disconnect("too many failed userauth_requests");
+		methods = authmethods_get();
 		packet_start(SSH2_MSG_USERAUTH_FAILURE);
 		packet_put_cstring(methods);
 		packet_put_char(0);	/* XXX partial success, unused */