diff options
| author | Tiago Cunha <tcunha@gmx.com> | 2009-09-03 20:44:38 +0000 |
|---|---|---|
| committer | Tiago Cunha <tcunha@gmx.com> | 2009-09-03 20:44:38 +0000 |
| commit | f796336a12e2d3c487a53854fdf28c096481a34a (patch) | |
| tree | a276b6aa0d020ffcfd4040ff18c31938c06da17c | |
| parent | 3b944fe7e847ee5e5741582ed34b702273f0b9ef (diff) | |
| download | rtmux-f796336a12e2d3c487a53854fdf28c096481a34a.tar.gz rtmux-f796336a12e2d3c487a53854fdf28c096481a34a.tar.bz2 rtmux-f796336a12e2d3c487a53854fdf28c096481a34a.zip | |
Sync OpenBSD patchset 308:
When incorrect passwords are entered, behave similarly to login(1) and backoff
for a bit. Based on a diff from martynas@.
| -rw-r--r-- | server-fn.c | 43 | ||||
| -rw-r--r-- | server-msg.c | 11 | ||||
| -rw-r--r-- | tmux.1 | 7 | ||||
| -rw-r--r-- | tmux.c | 4 | ||||
| -rw-r--r-- | tmux.h | 4 |
5 files changed, 60 insertions, 9 deletions
diff --git a/server-fn.c b/server-fn.c index 3d599a75..b0ea65ae 100644 --- a/server-fn.c +++ b/server-fn.c @@ -1,4 +1,4 @@ -/* $Id: server-fn.c,v 1.83 2009-09-02 00:55:49 tcunha Exp $ */ +/* $Id: server-fn.c,v 1.84 2009-09-03 20:44:38 tcunha Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net> @@ -18,6 +18,8 @@ #include <sys/types.h> +#include <login_cap.h> +#include <pwd.h> #include <string.h> #include <time.h> #include <unistd.h> @@ -159,12 +161,20 @@ server_status_window(struct window *w) void server_lock(void) { - struct client *c; - u_int i; + struct client *c; + static struct passwd *pw, pwstore; + static char pwbuf[_PW_BUF_LEN]; + u_int i; if (server_locked) return; + if (getpwuid_r(getuid(), &pwstore, pwbuf, sizeof pwbuf, &pw) != 0) { + server_locked_pw = NULL; + return; + } + server_locked_pw = pw; + for (i = 0; i < ARRAY_LENGTH(&clients); i++) { c = ARRAY_ITEM(&clients, i); if (c == NULL || c->session == NULL) @@ -175,6 +185,7 @@ server_lock(void) "Password:", server_lock_callback, NULL, c, PROMPT_HIDDEN); server_redraw_client(c); } + server_locked = 1; } @@ -188,12 +199,16 @@ int server_unlock(const char *s) { struct client *c; + login_cap_t *lc; u_int i; char *out; + u_int failures, tries, backoff; - if (!server_locked) + if (!server_locked || server_locked_pw == NULL) return (0); server_activity = time(NULL); + if (server_activity < password_backoff) + return (-2); if (server_password != NULL) { if (s == NULL) @@ -214,10 +229,13 @@ server_unlock(const char *s) server_locked = 0; password_failures = 0; + password_backoff = 0; return (0); wrong: + password_backoff = server_activity; password_failures++; + for (i = 0; i < ARRAY_LENGTH(&clients); i++) { c = ARRAY_ITEM(&clients, i); if (c == NULL || c->prompt_buffer == NULL) @@ -228,6 +246,23 @@ wrong: server_redraw_client(c); } + /* + * Start slowing down after "login-backoff" attempts and reset every + * "login-tries" attempts. + */ + lc = login_getclass(server_locked_pw->pw_class); + if (lc != NULL) { + tries = login_getcapnum(lc, (char *) "login-tries", 10, 10); + backoff = login_getcapnum(lc, (char *) "login-backoff", 3, 3); + } else { + tries = 10; + backoff = 3; + } + failures = password_failures % tries; + if (failures > backoff) { + password_backoff += ((failures - backoff) * tries / 2); + return (-2); + } return (-1); } diff --git a/server-msg.c b/server-msg.c index 9e20a6b1..dcb42623 100644 --- a/server-msg.c +++ b/server-msg.c @@ -1,4 +1,4 @@ -/* $Id: server-msg.c,v 1.82 2009-08-24 16:24:18 tcunha Exp $ */ +/* $Id: server-msg.c,v 1.83 2009-09-03 20:44:38 tcunha Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net> @@ -99,8 +99,15 @@ server_msg_dispatch(struct client *c) memcpy(&unlockdata, imsg.data, sizeof unlockdata); unlockdata.pass[(sizeof unlockdata.pass) - 1] = '\0'; - if (server_unlock(unlockdata.pass) != 0) + switch (server_unlock(unlockdata.pass)) { + case -1: server_write_error(c, "bad password"); + break; + case -2: + server_write_error(c, + "too many bad passwords, sleeping"); + break; + } memset(&unlockdata, 0, sizeof unlockdata); server_write_client(c, MSG_EXIT, NULL, 0); break; @@ -1,4 +1,4 @@ -.\" $Id: tmux.1,v 1.162 2009-09-02 22:45:17 tcunha Exp $ +.\" $Id: tmux.1,v 1.163 2009-09-03 20:44:38 tcunha Exp $ .\" .\" Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net> .\" @@ -1209,6 +1209,11 @@ seconds of inactivity. The default is off (set to 0). This has no effect as a session option; it must be set as a global option using .Fl g . +When passwords are entered incorrectly, +.Nm +follows the behaviour of +.Xr login 1 +and ignores further password attempts for an increasing timeout. .It Ic message-attr Ar attributes Set status line message attributes, where .Ar attributes @@ -1,4 +1,4 @@ -/* $Id: tmux.c,v 1.168 2009-09-02 01:02:44 tcunha Exp $ */ +/* $Id: tmux.c,v 1.169 2009-09-03 20:44:38 tcunha Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net> @@ -52,7 +52,9 @@ struct options global_w_options; /* window options */ struct environ global_environ; int server_locked; +struct passwd *server_locked_pw; u_int password_failures; +time_t password_backoff; char *server_password; time_t server_activity; @@ -1,4 +1,4 @@ -/* $Id: tmux.h,v 1.434 2009-09-02 22:45:17 tcunha Exp $ */ +/* $Id: tmux.h,v 1.435 2009-09-03 20:44:38 tcunha Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net> @@ -1106,7 +1106,9 @@ extern struct options global_w_options; extern struct environ global_environ; extern char *cfg_file; extern int server_locked; +extern struct passwd *server_locked_pw; extern u_int password_failures; +extern time_t password_backoff; extern char *server_password; extern time_t server_activity; extern int debug_level; |