Mercurial > dropbear
comparison svr-runopts.c @ 1442:517c67cbcd31
dropbear server: support -T max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.
A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.
Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
| author | Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> |
|---|---|
| date | Mon, 29 May 2017 10:25:09 +0100 |
| parents | e8f67918fdc9 |
| children | a3a96dbf9a58 |
comparison
equal
deleted
inserted
replaced
| 1438:4f8eb331174f | 1442:517c67cbcd31 |
|---|---|
| 71 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH | 71 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH |
| 72 "-s Disable password logins\n" | 72 "-s Disable password logins\n" |
| 73 "-g Disable password logins for root\n" | 73 "-g Disable password logins for root\n" |
| 74 "-B Allow blank password logins\n" | 74 "-B Allow blank password logins\n" |
| 75 #endif | 75 #endif |
| 76 "-T <1 to %d> Maximum authentication tries (default %d)\n" | |
| 76 #if DROPBEAR_SVR_LOCALTCPFWD | 77 #if DROPBEAR_SVR_LOCALTCPFWD |
| 77 "-j Disable local port forwarding\n" | 78 "-j Disable local port forwarding\n" |
| 78 #endif | 79 #endif |
| 79 #if DROPBEAR_SVR_REMOTETCPFWD | 80 #if DROPBEAR_SVR_REMOTETCPFWD |
| 80 "-k Disable remote port forwarding\n" | 81 "-k Disable remote port forwarding\n" |
| 105 RSA_PRIV_FILENAME, | 106 RSA_PRIV_FILENAME, |
| 106 #endif | 107 #endif |
| 107 #if DROPBEAR_ECDSA | 108 #if DROPBEAR_ECDSA |
| 108 ECDSA_PRIV_FILENAME, | 109 ECDSA_PRIV_FILENAME, |
| 109 #endif | 110 #endif |
| 111 MAX_AUTH_TRIES, DEFAULT_AUTH_TRIES, | |
| 110 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, | 112 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, |
| 111 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); | 113 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); |
| 112 } | 114 } |
| 113 | 115 |
| 114 void svr_getopts(int argc, char ** argv) { | 116 void svr_getopts(int argc, char ** argv) { |
| 117 char ** next = NULL; | 119 char ** next = NULL; |
| 118 int nextisport = 0; | 120 int nextisport = 0; |
| 119 char* recv_window_arg = NULL; | 121 char* recv_window_arg = NULL; |
| 120 char* keepalive_arg = NULL; | 122 char* keepalive_arg = NULL; |
| 121 char* idle_timeout_arg = NULL; | 123 char* idle_timeout_arg = NULL; |
| 124 char* maxauthtries_arg = NULL; | |
| 122 char* keyfile = NULL; | 125 char* keyfile = NULL; |
| 123 char c; | 126 char c; |
| 124 | 127 |
| 125 | 128 |
| 126 /* see printhelp() for options */ | 129 /* see printhelp() for options */ |
| 130 svr_opts.forkbg = 1; | 133 svr_opts.forkbg = 1; |
| 131 svr_opts.norootlogin = 0; | 134 svr_opts.norootlogin = 0; |
| 132 svr_opts.noauthpass = 0; | 135 svr_opts.noauthpass = 0; |
| 133 svr_opts.norootpass = 0; | 136 svr_opts.norootpass = 0; |
| 134 svr_opts.allowblankpass = 0; | 137 svr_opts.allowblankpass = 0; |
| 138 svr_opts.maxauthtries = DEFAULT_AUTH_TRIES; | |
| 135 svr_opts.inetdmode = 0; | 139 svr_opts.inetdmode = 0; |
| 136 svr_opts.portcount = 0; | 140 svr_opts.portcount = 0; |
| 137 svr_opts.hostkey = NULL; | 141 svr_opts.hostkey = NULL; |
| 138 svr_opts.delay_hostkey = 0; | 142 svr_opts.delay_hostkey = 0; |
| 139 svr_opts.pidfile = DROPBEAR_PIDFILE; | 143 svr_opts.pidfile = DROPBEAR_PIDFILE; |
| 232 case 'K': | 236 case 'K': |
| 233 next = &keepalive_arg; | 237 next = &keepalive_arg; |
| 234 break; | 238 break; |
| 235 case 'I': | 239 case 'I': |
| 236 next = &idle_timeout_arg; | 240 next = &idle_timeout_arg; |
| 241 break; | |
| 242 case 'T': | |
| 243 next = &maxauthtries_arg; | |
| 237 break; | 244 break; |
| 238 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH | 245 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH |
| 239 case 's': | 246 case 's': |
| 240 svr_opts.noauthpass = 1; | 247 svr_opts.noauthpass = 1; |
| 241 break; | 248 break; |
| 329 opts.recv_window = atol(recv_window_arg); | 336 opts.recv_window = atol(recv_window_arg); |
| 330 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { | 337 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { |
| 331 dropbear_exit("Bad recv window '%s'", recv_window_arg); | 338 dropbear_exit("Bad recv window '%s'", recv_window_arg); |
| 332 } | 339 } |
| 333 } | 340 } |
| 341 | |
| 342 if (maxauthtries_arg) { | |
| 343 unsigned int val = 0; | |
| 344 if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE || | |
| 345 val == 0 || val > MAX_AUTH_TRIES) { | |
| 346 dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg); | |
| 347 } | |
| 348 svr_opts.maxauthtries = val; | |
| 349 } | |
| 350 | |
| 334 | 351 |
| 335 if (keepalive_arg) { | 352 if (keepalive_arg) { |
| 336 unsigned int val; | 353 unsigned int val; |
| 337 if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) { | 354 if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) { |
| 338 dropbear_exit("Bad keepalive '%s'", keepalive_arg); | 355 dropbear_exit("Bad keepalive '%s'", keepalive_arg); |