comparison svr-runopts.c @ 1442:517c67cbcd31
dropbear server: support -T max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.
A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.
Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
author | Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> |
---|---|
date | Mon, 29 May 2017 10:25:09 +0100 |
parents | e8f67918fdc9 |
children | a3a96dbf9a58 |
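--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -71,10 +71,11 @@
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 "-s Disable password logins\n"
 "-g Disable password logins for root\n"
 "-B Allow blank password logins\n"
 #endif
+"-T <1 to %d> Maximum authentication tries (default %d)\n"
 #if DROPBEAR_SVR_LOCALTCPFWD
 "-j Disable local port forwarding\n"
 #endif
 #if DROPBEAR_SVR_REMOTETCPFWD
 "-k Disable remote port forwarding\n"
@@ -105,10 +106,11 @@
 RSA_PRIV_FILENAME,
 #endif
 #if DROPBEAR_ECDSA
 ECDSA_PRIV_FILENAME,
 #endif
+MAX_AUTH_TRIES, DEFAULT_AUTH_TRIES,
 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
 }
 
 void svr_getopts(int argc, char ** argv) {
@@ -117,10 +119,11 @@
 char ** next = NULL;
 int nextisport = 0;
 char* recv_window_arg = NULL;
 char* keepalive_arg = NULL;
 char* idle_timeout_arg = NULL;
+char* maxauthtries_arg = NULL;
 char* keyfile = NULL;
 char c;
 
 
 /* see printhelp() for options */
@@ -130,10 +133,11 @@
 svr_opts.forkbg = 1;
 svr_opts.norootlogin = 0;
 svr_opts.noauthpass = 0;
 svr_opts.norootpass = 0;
 svr_opts.allowblankpass = 0;
+svr_opts.maxauthtries = DEFAULT_AUTH_TRIES;
 svr_opts.inetdmode = 0;
 svr_opts.portcount = 0;
 svr_opts.hostkey = NULL;
 svr_opts.delay_hostkey = 0;
 svr_opts.pidfile = DROPBEAR_PIDFILE;
@@ -232,10 +236,13 @@
 case 'K':
 next = &keepalive_arg;
 break;
 case 'I':
 next = &idle_timeout_arg;
+break;
+case 'T':
+next = &maxauthtries_arg;
 break;
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 case 's':
 svr_opts.noauthpass = 1;
 break;
@@ -329,10 +336,20 @@
 opts.recv_window = atol(recv_window_arg);
 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
 dropbear_exit("Bad recv window '%s'", recv_window_arg);
 }
 }
+
+if (maxauthtries_arg) {
+unsigned int val = 0;
+if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE ||
+val == 0 || val > MAX_AUTH_TRIES) {
+dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg);
+}
+svr_opts.maxauthtries = val;
+}
+
 
 if (keepalive_arg) {
 unsigned int val;
 if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) {
 dropbear_exit("Bad keepalive '%s'", keepalive_arg);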
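Review bot: `svr_opts.maxauthtries = DEFAULT_AUTH_TRIES;` in svr_getopts() takes the compile-time default without the range check that the `-T` path applies (`val == 0 || val > MAX_AUTH_TRIES`), so a build that sets DEFAULT_AUTH_TRIES to 0 or above MAX_AUTH_TRIES would run with a limit the option parser itself rejects. How the authentication code treats such a value is not visible in these hunks, but since this number bounds the authentication attempts allowed, a bad default is better caught at build time: `#if DEFAULT_AUTH_TRIES < 1 || DEFAULT_AUTH_TRIES > MAX_AUTH_TRIES`, `#error "DEFAULT_AUTH_TRIES must be between 1 and MAX_AUTH_TRIES"`, `#endif`. The body of svr_getopts() starts and ends outside the hunks shown, so a check elsewhere in the function or in the options header may already cover this.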