From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 27 Sep 2014 16:17:21 +0000 (-0600)
Subject: Simplify how we count the password tries
X-Git-Tag: SUDO_1_8_12^2~178
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b7444e0f830572ac8bd7c51cbafd6f77e9c5b56d;p=sudo

Simplify how we count the password tries
---

diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index 21e5c7d0b..2012e7ae6 100644
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -190,9 +190,8 @@ user_interrupted(void)
 int
 verify_user(struct passwd *pw, char *prompt, int validated)
 {
-    unsigned int counter = def_passwd_tries + 1;
-    int success = AUTH_FAILURE;
-    int status, rval;
+    unsigned int ntries;
+    int rval, status, success = AUTH_FAILURE;
     char *p;
     sudo_auth *auth;
     sigset_t mask, omask;
@@ -226,14 +225,14 @@ verify_user(struct passwd *pw, char *prompt, int validated)
     sigaddset(&mask, SIGQUIT);
     (void) sigprocmask(SIG_BLOCK, &mask, &omask);
 
-    while (--counter) {
+    for (ntries = 0; ntries < def_passwd_tries; ntries++) {
 	int num_methods = 0;
 
 	/* If user attempted to interrupt password verify, quit now. */
 	if (user_interrupted())
 	    goto done;
 
-	if (counter != def_passwd_tries)
+	if (ntries != 0)
 	    pass_warn();
 
 	/* Do any per-method setup and unconfigure the method if needed */
@@ -293,9 +292,9 @@ done:
 	    break;
 	case AUTH_INTR:
 	case AUTH_FAILURE:
-	    if (counter != def_passwd_tries)
+	    if (ntries != 0)
 		validated |= FLAG_BAD_PASSWORD;
-	    log_auth_failure(validated, def_passwd_tries - counter);
+	    log_auth_failure(validated, ntries);
 	    rval = false;
 	    break;
 	case AUTH_FATAL: