From b1c3f1cd9bafd150996bcf4baa35eb092bf57e76 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu
Date: Fri, 7 Oct 2016 16:39:05 -0500
Subject: [PATCH] Revert "Fixing duplicate SSH authentication failure events."

This reverts commit 176d9f23be753c21936b28889d507719f3059c78.
---
 src/analyzer/protocol/ssh/SSH.cc | 14 +++++---------
 src/analyzer/protocol/ssh/SSH.h | 6 ++----
 2 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc
index 55f424344b..f1f8857e03 100644
--- a/src/analyzer/protocol/ssh/SSH.cc
+++ b/src/analyzer/protocol/ssh/SSH.cc
@@ -16,7 +16,7 @@ SSH_Analyzer::SSH_Analyzer(Connection* c)
 {
 interp = new binpac::SSH::SSH_Conn(this);
 had_gap = false;
- auth_decision = AUTH_UNKNOWN;
+ auth_decision_made = false;
 skipped_banner = false;
 service_accept_size = 0;
 userauth_failure_size = 0;
@@ -60,7 +60,7 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 BifEvent::generate_ssh_encrypted_packet(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), orig, len);
- if ( auth_decision != AUTH_SUCCESS )
+ if ( ! auth_decision_made )
 ProcessEncrypted(len, orig);
 return;
@@ -105,10 +105,9 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig)
 // -16.
 if ( ! userauth_failure_size && (len + 16 == service_accept_size) )
 {
+ auth_decision_made = true;
 if ( ssh_auth_successful )
 BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true);
-
- auth_decision = AUTH_SUCCESS;
 return;
 }
@@ -132,20 +131,17 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig)
 // another packet of the same size.
 if ( len == userauth_failure_size )
 {
- if ( ssh_auth_failed && auth_decision != AUTH_FAILURE )
+ if ( ssh_auth_failed )
 BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), interp->bro_analyzer()->Conn());
-
- auth_decision = AUTH_FAILURE;
 return;
 }
 // ...or a success packet.
 if ( len - service_accept_size == -16 )
 {
+ auth_decision_made = true;
 if ( ssh_auth_successful )
 BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false);
-
- auth_decision = AUTH_SUCCESS;
 return;
 }
 }
diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h
index 89668f93d1..dc3a7c5e39 100644
--- a/src/analyzer/protocol/ssh/SSH.h
+++ b/src/analyzer/protocol/ssh/SSH.h
@@ -35,14 +35,12 @@ namespace analyzer {
 bool had_gap;
 // Packet analysis stuff
+ bool auth_decision_made;
 bool skipped_banner;
+
 int service_accept_size;
 int userauth_failure_size;
- enum AuthDecision {
- AUTH_UNKNOWN, AUTH_FAILURE, AUTH_SUCCESS
- } auth_decision;
-
 };
 }
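Review bot: The failure branch in the SSH.cc hunk at -132 (`if ( len == userauth_failure_size )`) records nothing after raising `ssh_auth_failed`, so every later encrypted packet of that size that reaches it raises the event again until a success branch sets `auth_decision_made`. The revert restores this on purpose, but neither the commit message nor the code says why. Scripts that count `ssh_auth_failed` per connection, such as password-guessing thresholds, will see different totals than before, so the intent belongs at the branch, e.g. `// Deliberately not latched: each failure-sized packet is reported as its own failed attempt.` Whether each such packet is really a distinct attempt cannot be confirmed from this hunk, and ProcessEncrypted begins outside it.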
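Review bot: `auth_decision_made` is declared in SSH.h without a comment, and its name suggests more than the code does. In the SSH.cc hunks of this patch it is set to true only in the two success branches of ProcessEncrypted, never on a failure. DeliverStream uses `! auth_decision_made` to decide whether to keep calling ProcessEncrypted, so a reader will assume a failure also ends the inspection. A comment on the declaration would settle it, such as `bool auth_decision_made; // true once a successful login has been inferred; failures leave it false`. Code outside the visible hunks may also write the flag, so confirm that before wording the comment this firmly.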