# HG changeset patch # User Matt Johnston # Date 1498573238 -28800 # Node ID a3a96dbf9a5838dbbfb33bed1f941e10e56bfa41 # Parent bfed37d12d901801c2aa7725a06e52939d8a737e Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range diff -r bfed37d12d90 -r a3a96dbf9a58 default_options.h --- a/default_options.h Tue Jun 27 22:18:18 2017 +0800 +++ b/default_options.h Tue Jun 27 22:20:38 2017 +0800 @@ -380,17 +380,12 @@ #define MAX_UNAUTH_CLIENTS 30 #endif -/* Maximum number of failed authentication tries (server option) */ +/* Default maximum number of failed authentication tries (server option) */ +/* -T runtime option overrides */ #ifndef MAX_AUTH_TRIES #define MAX_AUTH_TRIES 10 #endif -/* Default maximum number of failed authentication tries. - * defaults to MAX_AUTH_TRIES */ -#ifndef DEFAULT_AUTH_TRIES -#define DEFAULT_AUTH_TRIES MAX_AUTH_TRIES -#endif - /* The default file to store the daemon's process ID, for shutdown scripts etc. This can be overridden with the -P flag */ #ifndef DROPBEAR_PIDFILE diff -r bfed37d12d90 -r a3a96dbf9a58 default_options.h.in --- a/default_options.h.in Tue Jun 27 22:18:18 2017 +0800 +++ b/default_options.h.in Tue Jun 27 22:20:38 2017 +0800 @@ -258,13 +258,10 @@ * come from many IPs */ #define MAX_UNAUTH_CLIENTS 30 -/* Maximum number of failed authentication tries (server option) */ +/* Default maximum number of failed authentication tries (server option) */ +/* -T server option overrides */ #define MAX_AUTH_TRIES 10 -/* Default maximum number of failed authentication tries. - * defaults to MAX_AUTH_TRIES */ -#define DEFAULT_AUTH_TRIES MAX_AUTH_TRIES - /* The default file to store the daemon's process ID, for shutdown scripts etc. This can be overridden with the -P flag */ #define DROPBEAR_PIDFILE "/var/run/dropbear.pid" diff -r bfed37d12d90 -r a3a96dbf9a58 dropbear.8 --- a/dropbear.8 Tue Jun 27 22:18:18 2017 +0800 +++ b/dropbear.8 Tue Jun 27 22:20:38 2017 +0800 @@ -92,7 +92,7 @@ Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds. .TP .B \-T \fImax_authentication_attempts -Disconnect the session if number of authentication attempts is exceeded. default is set at compile time to DEFAULT_AUTH_TRIES which itself defaults to MAX_AUTH_TRIES (10) +Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES) .TP .B \-c \fIforced_command Disregard the command provided by the user and always run \fIforced_command\fR. This also diff -r bfed37d12d90 -r a3a96dbf9a58 svr-runopts.c --- a/svr-runopts.c Tue Jun 27 22:18:18 2017 +0800 +++ b/svr-runopts.c Tue Jun 27 22:20:38 2017 +0800 @@ -73,7 +73,7 @@ "-g Disable password logins for root\n" "-B Allow blank password logins\n" #endif - "-T <1 to %d> Maximum authentication tries (default %d)\n" + "-T Maximum authentication tries (default %d)\n" #if DROPBEAR_SVR_LOCALTCPFWD "-j Disable local port forwarding\n" #endif @@ -108,7 +108,7 @@ #if DROPBEAR_ECDSA ECDSA_PRIV_FILENAME, #endif - MAX_AUTH_TRIES, DEFAULT_AUTH_TRIES, + MAX_AUTH_TRIES, DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); } @@ -135,7 +135,7 @@ svr_opts.noauthpass = 0; svr_opts.norootpass = 0; svr_opts.allowblankpass = 0; - svr_opts.maxauthtries = DEFAULT_AUTH_TRIES; + svr_opts.maxauthtries = MAX_AUTH_TRIES; svr_opts.inetdmode = 0; svr_opts.portcount = 0; svr_opts.hostkey = NULL; @@ -341,8 +341,8 @@ if (maxauthtries_arg) { unsigned int val = 0; - if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE || - val == 0 || val > MAX_AUTH_TRIES) { + if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE + || val == 0) { dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg); } svr_opts.maxauthtries = val;