comparison svr-runopts.c @ 1442:517c67cbcd31

dropbear server: support -T max auth tries

Add support for '-T n' as a run-time specification of the maximum number of authentication attempts, where 'n' is between 1 and the compile-time option MAX_AUTH_TRIES. A default number of tries can be specified at compile time using 'DEFAULT_AUTH_TRIES', which itself defaults to MAX_AUTH_TRIES for backwards compatibility.

Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
author Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
date Mon, 29 May 2017 10:25:09 +0100
parents e8f67918fdc9
children a3a96dbf9a58
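--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -71,10 +71,11 @@
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 "-s Disable password logins\n"
 "-g Disable password logins for root\n"
 "-B Allow blank password logins\n"
 #endif
+"-T <1 to %d> Maximum authentication tries (default %d)\n"
 #if DROPBEAR_SVR_LOCALTCPFWD
 "-j Disable local port forwarding\n"
 #endif
 #if DROPBEAR_SVR_REMOTETCPFWD
 "-k Disable remote port forwarding\n"
@@ -105,10 +106,11 @@
 RSA_PRIV_FILENAME,
 #endif
 #if DROPBEAR_ECDSA
 ECDSA_PRIV_FILENAME,
 #endif
+MAX_AUTH_TRIES, DEFAULT_AUTH_TRIES,
 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
 }
 
 void svr_getopts(int argc, char ** argv) {
@@ -117,10 +119,11 @@
 char ** next = NULL;
 int nextisport = 0;
 char* recv_window_arg = NULL;
 char* keepalive_arg = NULL;
 char* idle_timeout_arg = NULL;
+char* maxauthtries_arg = NULL;
 char* keyfile = NULL;
 char c;
 
 
 /* see printhelp() for options */
@@ -130,10 +133,11 @@
 svr_opts.forkbg = 1;
 svr_opts.norootlogin = 0;
 svr_opts.noauthpass = 0;
 svr_opts.norootpass = 0;
 svr_opts.allowblankpass = 0;
+svr_opts.maxauthtries = DEFAULT_AUTH_TRIES;
 svr_opts.inetdmode = 0;
 svr_opts.portcount = 0;
 svr_opts.hostkey = NULL;
 svr_opts.delay_hostkey = 0;
 svr_opts.pidfile = DROPBEAR_PIDFILE;
@@ -232,10 +236,13 @@
 case 'K':
 next = &keepalive_arg;
 break;
 case 'I':
 next = &idle_timeout_arg;
+break;
+case 'T':
+next = &maxauthtries_arg;
 break;
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 case 's':
 svr_opts.noauthpass = 1;
 break;
@@ -329,10 +336,20 @@
 opts.recv_window = atol(recv_window_arg);
 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
 dropbear_exit("Bad recv window '%s'", recv_window_arg);
 }
 }
+
+if (maxauthtries_arg) {
+unsigned int val = 0;
+if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE ||
+val == 0 || val > MAX_AUTH_TRIES) {
+dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg);
+}
+svr_opts.maxauthtries = val;
+}
+
 
 if (keepalive_arg) {
 unsigned int val;
 if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) {
 dropbear_exit("Bad keepalive '%s'", keepalive_arg);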
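Review bot: The compile-time default stored by `svr_opts.maxauthtries = DEFAULT_AUTH_TRIES;` is not held to the 1..MAX_AUTH_TRIES range that the new `-T` parsing enforces with `val == 0 || val > MAX_AUTH_TRIES`, at least not in the lines shown here. This setting presumably bounds how many authentication attempts a connection gets, so a build with DEFAULT_AUTH_TRIES at 0 or above MAX_AUTH_TRIES would start with a limit the command line itself would reject, and the help text would print a default outside its own stated range. A guard next to the definition, which is outside this page, would catch that at build time: `#if DEFAULT_AUTH_TRIES < 1 || DEFAULT_AUTH_TRIES > MAX_AUTH_TRIES`, `#error "DEFAULT_AUTH_TRIES must be between 1 and MAX_AUTH_TRIES"`, `#endif`. svr_getopts starts and ends outside the displayed hunks, so a check elsewhere cannot be ruled out from this view.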