Simplify how we count the password tries

diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index 21e5c7d0bd19f97dfd36446e0f8ce92ca6d3c5c5..2012e7ae6791b065c19caea4382e570a3f383b86 100644 (file)
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -190,9 +190,8 @@ user_interrupted(void)
 int
 verify_user(struct passwd *pw, char *prompt, int validated)
 {
-    unsigned int counter = def_passwd_tries + 1;
-    int success = AUTH_FAILURE;
-    int status, rval;
+    unsigned int ntries;
+    int rval, status, success = AUTH_FAILURE;
     char *p;
     sudo_auth *auth;
     sigset_t mask, omask;
@@ -226,14 +225,14 @@ verify_user(struct passwd *pw, char *prompt, int validated)
     sigaddset(&mask, SIGQUIT);
     (void) sigprocmask(SIG_BLOCK, &mask, &omask);
 
-    while (--counter) {
+    for (ntries = 0; ntries < def_passwd_tries; ntries++) {
        int num_methods = 0;
 
        /* If user attempted to interrupt password verify, quit now. */
        if (user_interrupted())
            goto done;
 
-       if (counter != def_passwd_tries)
+       if (ntries != 0)
            pass_warn();
 
        /* Do any per-method setup and unconfigure the method if needed */
@@ -293,9 +292,9 @@ done:
            break;
        case AUTH_INTR:
        case AUTH_FAILURE:
-           if (counter != def_passwd_tries)
+           if (ntries != 0)
                validated |= FLAG_BAD_PASSWORD;
-           log_auth_failure(validated, def_passwd_tries - counter);
+           log_auth_failure(validated, ntries);
            rval = false;
            break;
        case AUTH_FATAL: