author | Tiago Cunha <tcunha@gmx.com> | 2009-09-03 20:44:38 +0000 |
---|---|---|
committer | Tiago Cunha <tcunha@gmx.com> | 2009-09-03 20:44:38 +0000 |
commit | f796336a12e2d3c487a53854fdf28c096481a34a (patch) | |
tree | a276b6aa0d020ffcfd4040ff18c31938c06da17c /server-fn.c | |
parent | 3b944fe7e847ee5e5741582ed34b702273f0b9ef (diff) | |
Sync OpenBSD patchset 308:
When incorrect passwords are entered, behave similarly to login(1) and back off
for a bit. Based on a diff from martynas@.
Diffstat (limited to 'server-fn.c')
-rw-r--r-- | server-fn.c | 43 |
1 files changed, 39 insertions, 4 deletions
diff --git a/server-fn.c b/server-fn.c
index 3d599a75..b0ea65ae 100644
--- a/server-fn.c
+++ b/server-fn.c
@@ -1,4 +1,4 @@
-/* $Id: server-fn.c,v 1.83 2009-09-02 00:55:49 tcunha Exp $ */
+/* $Id: server-fn.c,v 1.84 2009-09-03 20:44:38 tcunha Exp $ */
 /*
 * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@@ -18,6 +18,8 @@
 #include <sys/types.h>
+#include <login_cap.h>
+#include <pwd.h>
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
@@ -159,12 +161,20 @@ server_status_window(struct window *w)
 void
 server_lock(void)
 {
- struct client *c;
- u_int i;
+ struct client *c;
+ static struct passwd *pw, pwstore;
+ static char pwbuf[_PW_BUF_LEN];
+ u_int i;
 if (server_locked)
 return;
+ if (getpwuid_r(getuid(), &pwstore, pwbuf, sizeof pwbuf, &pw) != 0) {
+ server_locked_pw = NULL;
+ return;
+ }
+ server_locked_pw = pw;
+
 for (i = 0; i < ARRAY_LENGTH(&clients); i++) {
 c = ARRAY_ITEM(&clients, i);
 if (c == NULL || c->session == NULL)
@@ -175,6 +185,7 @@ server_lock(void)
 "Password:", server_lock_callback, NULL, c, PROMPT_HIDDEN);
 server_redraw_client(c);
 }
+
 server_locked = 1;
 }
@@ -188,12 +199,16 @@ int
 server_unlock(const char *s)
 {
 struct client *c;
+ login_cap_t *lc;
 u_int i;
 char *out;
+ u_int failures, tries, backoff;
- if (!server_locked)
+ if (!server_locked || server_locked_pw == NULL)
 return (0);
 server_activity = time(NULL);
+ if (server_activity < password_backoff)
+ return (-2);
 if (server_password != NULL) {
 if (s == NULL)
@@ -214,10 +229,13 @@ server_unlock(const char *s)
 server_locked = 0;
 password_failures = 0;
+ password_backoff = 0;
 return (0);
 wrong:
+ password_backoff = server_activity;
 password_failures++;
+
 for (i = 0; i < ARRAY_LENGTH(&clients); i++) {
 c = ARRAY_ITEM(&clients, i);
 if (c == NULL || c->prompt_buffer == NULL)
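Review bot: In server_lock(), the new `getpwuid_r()` failure branch returns before any prompt is set and before `server_locked = 1`, so a failed passwd lookup leaves the server unlocked with nothing shown to the user who asked for the lock. `getpwuid_r()` can also return 0 with `pw` set to NULL when the uid has no entry; that case passes the `!= 0` test and locks with a NULL `server_locked_pw`, so the check should read `if (getpwuid_r(...) != 0 || pw == NULL)`. Since only `pw_class` appears to be used later and server_unlock() already carries 10/3 defaults, consider still applying the lock on lookup failure and falling back to those defaults rather than skipping the lock. A short comment above the lookup, e.g. `/* pw_class selects the login.conf limits used by server_unlock(). */`, would explain why locking consults the passwd database.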
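Review bot: The widened guard at the top of server_unlock(), `if (!server_locked || server_locked_pw == NULL) return (0);`, returns the success value before the password is compared and without clearing `server_locked`. How callers treat 0 is outside this hunk, so confirm that a lock taken with a NULL `server_locked_pw` cannot be dismissed by arbitrary input; returning `(-1)` for the NULL case would make that path fail closed. The new `-2` result is undocumented as well, and a header comment such as `/* Returns 0 on unlock, -1 on a wrong password, -2 when a backoff is in force. */` would let callers handle it deliberately. The function body continues beyond the end of this hunk.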
@@ -228,6 +246,23 @@ wrong:
 server_redraw_client(c);
 }
+ /*
+ * Start slowing down after "login-backoff" attempts and reset every
+ * "login-tries" attempts.
+ */
+ lc = login_getclass(server_locked_pw->pw_class);
+ if (lc != NULL) {
+ tries = login_getcapnum(lc, (char *) "login-tries", 10, 10);
+ backoff = login_getcapnum(lc, (char *) "login-backoff", 3, 3);
+ } else {
+ tries = 10;
+ backoff = 3;
+ }
+ failures = password_failures % tries;
+ if (failures > backoff) {
+ password_backoff += ((failures - backoff) * tries / 2);
+ return (-2);
+ }
 return (-1);
 } |
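Review bot: `failures = password_failures % tries;` divides by a value read from login.conf, so a `login-tries` of 0 is a modulo by zero that would normally take down the whole server; the signed 64-bit result of `login_getcapnum()` is also stored in a `u_int` with no range check. Clamp it before use, e.g. `if (tries == 0) tries = 10;`. The `login_cap_t` returned by `login_getclass()` is never released, so every wrong password leaks it; add `login_close(lc);` once both capabilities have been read. Because `failures` wraps to 0 every `tries` attempts, the delay also drops back to none while the prompt stays open, unlike login(1); the block comment should state that this reset is an accepted trade-off.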