Mercurial > dropbear
comparison svr-auth.c @ 573:d3ea8b9672f0
- Test for pam_fail_delay() function in configure
- Recognise "username:" as a PAM prompt
- Add some randomness to the auth-failure delay
- Fix wrongly committed options.h/debug.h
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 08 Sep 2009 14:53:53 +0000 |
| parents | d58c478bd399 |
| children | a98a2138364a |
comparison
equal
deleted
inserted
replaced
| 572:8fd0ac8c8cab | 573:d3ea8b9672f0 |
|---|---|
| 31 #include "buffer.h" | 31 #include "buffer.h" |
| 32 #include "ssh.h" | 32 #include "ssh.h" |
| 33 #include "packet.h" | 33 #include "packet.h" |
| 34 #include "auth.h" | 34 #include "auth.h" |
| 35 #include "runopts.h" | 35 #include "runopts.h" |
| 36 #include "random.h" | |
| 36 | 37 |
| 37 static void authclear(); | 38 static void authclear(); |
| 38 static int checkusername(unsigned char *username, unsigned int userlen); | 39 static int checkusername(unsigned char *username, unsigned int userlen); |
| 39 static void send_msg_userauth_banner(); | 40 static void send_msg_userauth_banner(); |
| 40 | 41 |
| 335 | 336 |
| 336 buf_putbyte(ses.writepayload, partial ? 1 : 0); | 337 buf_putbyte(ses.writepayload, partial ? 1 : 0); |
| 337 encrypt_packet(); | 338 encrypt_packet(); |
| 338 | 339 |
| 339 if (incrfail) { | 340 if (incrfail) { |
| 340 usleep(300000); /* XXX improve this */ | 341 unsigned int delay; |
| 342 genrandom((unsigned char*)&delay, sizeof(delay)); | |
| 343 /* We delay for 300ms +- 50ms, 0.1ms granularity */ | |
| 344 delay = 250000 + (delay % 1000)*100; | |
| 345 usleep(delay); | |
| 346 dropbear_log(LOG_INFO, "delay is %d", delay); | |
| 341 ses.authstate.failcount++; | 347 ses.authstate.failcount++; |
| 342 } | 348 } |
| 343 | 349 |
| 344 if (ses.authstate.failcount >= MAX_AUTH_TRIES) { | 350 if (ses.authstate.failcount >= MAX_AUTH_TRIES) { |
| 345 char * userstr; | 351 char * userstr; |