OpenWrt – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | From 46b22e57d91e33a591d0fba97da52672af4d6ed2 Mon Sep 17 00:00:00 2001 |
| 2 | From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> |
||
| 3 | Date: Mon, 29 May 2017 10:25:09 +0100 |
||
| 4 | Subject: [PATCH] dropbear server: support -T max auth tries |
||
| 5 | |||
| 6 | Add support for '-T n' for a run-time specification for maximum number |
||
| 7 | of authentication attempts where 'n' is between 1 and compile time |
||
| 8 | option MAX_AUTH_TRIES. |
||
| 9 | |||
| 10 | A default number of tries can be specified at compile time using |
||
| 11 | 'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for |
||
| 12 | backwards compatibility. |
||
| 13 | |||
| 14 | Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> |
||
| 15 | --- |
||
| 16 | options.h | 7 +++++++ |
||
| 17 | runopts.h | 1 + |
||
| 18 | svr-auth.c | 2 +- |
||
| 19 | svr-runopts.c | 17 +++++++++++++++++ |
||
| 20 | 4 files changed, 26 insertions(+), 1 deletion(-) |
||
| 21 | |||
| 22 | diff --git a/options.h b/options.h |
||
| 23 | index 0c51bb1..4d22704 100644 |
||
| 24 | --- a/options.h |
||
| 25 | +++ b/options.h |
||
| 26 | @@ -284,6 +284,13 @@ Homedir is prepended unless path begins with / */ |
||
| 27 | #define MAX_AUTH_TRIES 10 |
||
| 28 | #endif |
||
| 29 | |||
| 30 | +/* Default maximum number of failed authentication tries. |
||
| 31 | + * defaults to MAX_AUTH_TRIES */ |
||
| 32 | + |
||
| 33 | +#ifndef DEFAULT_AUTH_TRIES |
||
| 34 | +#define DEFAULT_AUTH_TRIES MAX_AUTH_TRIES |
||
| 35 | +#endif |
||
| 36 | + |
||
| 37 | /* The default file to store the daemon's process ID, for shutdown |
||
| 38 | scripts etc. This can be overridden with the -P flag */ |
||
| 39 | #ifndef DROPBEAR_PIDFILE |
||
| 40 | diff --git a/runopts.h b/runopts.h |
||
| 41 | index f7c869d..2f7da63 100644 |
||
| 42 | --- a/runopts.h |
||
| 43 | +++ b/runopts.h |
||
| 44 | @@ -96,6 +96,7 @@ typedef struct svr_runopts { |
||
| 45 | int noauthpass; |
||
| 46 | int norootpass; |
||
| 47 | int allowblankpass; |
||
| 48 | + unsigned int maxauthtries; |
||
| 49 | |||
| 50 | #ifdef ENABLE_SVR_REMOTETCPFWD |
||
| 51 | int noremotetcp; |
||
| 52 | diff --git a/svr-auth.c b/svr-auth.c |
||
| 53 | index 577ea88..6a7ce0b 100644 |
||
| 54 | --- a/svr-auth.c |
||
| 55 | +++ b/svr-auth.c |
||
| 56 | @@ -362,7 +362,7 @@ void send_msg_userauth_failure(int partial, int incrfail) { |
||
| 57 | ses.authstate.failcount++; |
||
| 58 | } |
||
| 59 | |||
| 60 | - if (ses.authstate.failcount >= MAX_AUTH_TRIES) { |
||
| 61 | + if (ses.authstate.failcount >= svr_opts.maxauthtries) { |
||
| 62 | char * userstr; |
||
| 63 | /* XXX - send disconnect ? */ |
||
| 64 | TRACE(("Max auth tries reached, exiting")) |
||
| 65 | diff --git a/svr-runopts.c b/svr-runopts.c |
||
| 66 | index 8f60059..1e7440f 100644 |
||
| 67 | --- a/svr-runopts.c |
||
| 68 | +++ b/svr-runopts.c |
||
| 69 | @@ -73,6 +73,7 @@ static void printhelp(const char * progname) { |
||
| 70 | "-g Disable password logins for root\n" |
||
| 71 | "-B Allow blank password logins\n" |
||
| 72 | #endif |
||
| 73 | + "-T <1 to %d> Maximum authentication tries (default %d)\n" |
||
| 74 | #ifdef ENABLE_SVR_LOCALTCPFWD |
||
| 75 | "-j Disable local port forwarding\n" |
||
| 76 | #endif |
||
| 77 | @@ -106,6 +107,7 @@ static void printhelp(const char * progname) { |
||
| 78 | #ifdef DROPBEAR_ECDSA |
||
| 79 | ECDSA_PRIV_FILENAME, |
||
| 80 | #endif |
||
| 81 | + MAX_AUTH_TRIES, DEFAULT_AUTH_TRIES, |
||
| 82 | DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, |
||
| 83 | DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); |
||
| 84 | } |
||
| 85 | @@ -118,6 +120,7 @@ void svr_getopts(int argc, char ** argv) { |
||
| 86 | char* recv_window_arg = NULL; |
||
| 87 | char* keepalive_arg = NULL; |
||
| 88 | char* idle_timeout_arg = NULL; |
||
| 89 | + char* maxauthtries_arg = NULL; |
||
| 90 | char* keyfile = NULL; |
||
| 91 | char c; |
||
| 92 | |||
| 93 | @@ -130,6 +133,7 @@ void svr_getopts(int argc, char ** argv) { |
||
| 94 | svr_opts.noauthpass = 0; |
||
| 95 | svr_opts.norootpass = 0; |
||
| 96 | svr_opts.allowblankpass = 0; |
||
| 97 | + svr_opts.maxauthtries = DEFAULT_AUTH_TRIES; |
||
| 98 | svr_opts.inetdmode = 0; |
||
| 99 | svr_opts.portcount = 0; |
||
| 100 | svr_opts.hostkey = NULL; |
||
| 101 | @@ -234,6 +238,9 @@ void svr_getopts(int argc, char ** argv) { |
||
| 102 | case 'I': |
||
| 103 | next = &idle_timeout_arg; |
||
| 104 | break; |
||
| 105 | + case 'T': |
||
| 106 | + next = &maxauthtries_arg; |
||
| 107 | + break; |
||
| 108 | #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) |
||
| 109 | case 's': |
||
| 110 | svr_opts.noauthpass = 1; |
||
| 111 | @@ -330,6 +337,16 @@ void svr_getopts(int argc, char ** argv) { |
||
| 112 | dropbear_exit("Bad recv window '%s'", recv_window_arg); |
||
| 113 | } |
||
| 114 | } |
||
| 115 | + |
||
| 116 | + if (maxauthtries_arg) { |
||
| 117 | + unsigned int val = 0; |
||
| 118 | + if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE || |
||
| 119 | + val == 0 || val > MAX_AUTH_TRIES) { |
||
| 120 | + dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg); |
||
| 121 | + } |
||
| 122 | + svr_opts.maxauthtries = val; |
||
| 123 | + } |
||
| 124 | + |
||
| 125 | |||
| 126 | if (keepalive_arg) { |
||
| 127 | unsigned int val; |
||
| 128 | -- |
||
| 129 | 2.7.4 |
||
| 130 |