From c5ac2579bac08f46f68ee7b9b9e47b6123e83bd2 Mon Sep 17 00:00:00 2001
From: Nicholas Marriott <nicm@openbsd.org>
Date: Wed, 2 Sep 2009 16:38:35 +0000
Subject: When incorrect passwords are entered, behave similarly to login(1)
 and backoff for a bit. Based on a diff from martynas@.

---
 server-msg.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'server-msg.c')

diff --git a/server-msg.c b/server-msg.c
index 54bd2439..8c50339d 100644
--- a/server-msg.c
+++ b/server-msg.c
@@ -99,8 +99,15 @@ server_msg_dispatch(struct client *c)
 			memcpy(&unlockdata, imsg.data, sizeof unlockdata);
 
 			unlockdata.pass[(sizeof unlockdata.pass) - 1] = '\0';
-			if (server_unlock(unlockdata.pass) != 0)
+			switch (server_unlock(unlockdata.pass)) {
+			case -1:
 				server_write_error(c, "bad password");
+				break;
+			case -2:
+				server_write_error(c,
+				    "too many bad passwords, sleeping");
+				break;
+			}
 			memset(&unlockdata, 0, sizeof unlockdata);
 			server_write_client(c, MSG_EXIT, NULL, 0);
 			break;
-- 
cgit