changeset 1445:a3a96dbf9a58

Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
author Matt Johnston <matt@ucc.asn.au>
date Tue, 27 Jun 2017 22:20:38 +0800
parents bfed37d12d90
children b8764eee6bdb
files default_options.h default_options.h.in dropbear.8 svr-runopts.c
diffstat 4 files changed, 10 insertions(+), 18 deletions(-) [+]
--- a/default_options.h	Tue Jun 27 22:18:18 2017 +0800
+++ b/default_options.h	Tue Jun 27 22:20:38 2017 +0800
@@ -380,17 +380,12 @@
 #define MAX_UNAUTH_CLIENTS 30
 #endif
 
-/* Maximum number of failed authentication tries (server option) */
+/* Default maximum number of failed authentication tries (server option) */
+/* -T runtime option overrides */
 #ifndef MAX_AUTH_TRIES
 #define MAX_AUTH_TRIES 10
 #endif
 
-/* Default maximum number of failed authentication tries.
- * defaults to MAX_AUTH_TRIES */
-#ifndef DEFAULT_AUTH_TRIES
-#define DEFAULT_AUTH_TRIES MAX_AUTH_TRIES
-#endif
-
 /* The default file to store the daemon's process ID, for shutdown
    scripts etc. This can be overridden with the -P flag */
 #ifndef DROPBEAR_PIDFILE
--- a/default_options.h.in	Tue Jun 27 22:18:18 2017 +0800
+++ b/default_options.h.in	Tue Jun 27 22:20:38 2017 +0800
@@ -258,13 +258,10 @@
  * come from many IPs */
 #define MAX_UNAUTH_CLIENTS 30
 
-/* Maximum number of failed authentication tries (server option) */
+/* Default maximum number of failed authentication tries (server option) */
+/* -T server option overrides */
 #define MAX_AUTH_TRIES 10
 
-/* Default maximum number of failed authentication tries.
- * defaults to MAX_AUTH_TRIES */
-#define DEFAULT_AUTH_TRIES MAX_AUTH_TRIES
-
 /* The default file to store the daemon's process ID, for shutdown
    scripts etc. This can be overridden with the -P flag */
 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
--- a/dropbear.8	Tue Jun 27 22:18:18 2017 +0800
+++ b/dropbear.8	Tue Jun 27 22:20:38 2017 +0800
@@ -92,7 +92,7 @@
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
 .B \-T \fImax_authentication_attempts
-Disconnect the session if number of authentication attempts is exceeded. default is set at compile time to DEFAULT_AUTH_TRIES which itself defaults to MAX_AUTH_TRIES (10)
+Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
 .TP
 .B \-c \fIforced_command
 Disregard the command provided by the user and always run \fIforced_command\fR. This also
--- a/svr-runopts.c	Tue Jun 27 22:18:18 2017 +0800
+++ b/svr-runopts.c	Tue Jun 27 22:20:38 2017 +0800
@@ -73,7 +73,7 @@
 					"-g		Disable password logins for root\n"
 					"-B		Allow blank password logins\n"
 #endif
-					"-T <1 to %d> 	Maximum authentication tries (default %d)\n"
+					"-T		Maximum authentication tries (default %d)\n"
 #if DROPBEAR_SVR_LOCALTCPFWD
 					"-j		Disable local port forwarding\n"
 #endif
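Review bot: The new usage line shows `-T` with no argument placeholder, although the option still requires a value (dropbear.8 in this same commit documents it as `-T max_authentication_attempts`). An operator reading the help output could take it for a bare flag, so keep a placeholder without the old range, for example `"-T <tries>	Maximum authentication tries (default %d)\n"`. The enclosing help function starts before this hunk, and its format arguments are adjusted in the next hunk.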
@@ -108,7 +108,7 @@
 #if DROPBEAR_ECDSA
 					ECDSA_PRIV_FILENAME,
 #endif
-					MAX_AUTH_TRIES, DEFAULT_AUTH_TRIES,
+					MAX_AUTH_TRIES,
 					DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
 					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
 }
@@ -135,7 +135,7 @@
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
-	svr_opts.maxauthtries = DEFAULT_AUTH_TRIES;
+	svr_opts.maxauthtries = MAX_AUTH_TRIES;
 	svr_opts.inetdmode = 0;
 	svr_opts.portcount = 0;
 	svr_opts.hostkey = NULL;
@@ -341,8 +341,8 @@
 
 	if (maxauthtries_arg) {
 		unsigned int val = 0;
-		if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE ||
-			val == 0 || val > MAX_AUTH_TRIES) {
+		if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE 
+			|| val == 0) {
 			dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg);
 		}
 		svr_opts.maxauthtries = val;
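Review bot: With the `val > MAX_AUTH_TRIES` test removed, any non-zero `unsigned int` is stored into `svr_opts.maxauthtries`, whose declared type is not visible in this hunk. If that field is a signed `int`, a value above `INT_MAX` converts to a negative number, and how the failed-attempt comparison then behaves depends on code outside this diff. A ceiling that still leaves the range effectively unlimited would close that gap, e.g. `|| val == 0 || val > INT_MAX) {`, which needs `<limits.h>`. Because this setting caps password guesses per connection, it would also help to say in the comment above the check, or in dropbear.8, that large values weaken that protection. The new line `if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE ` also ends in trailing whitespace.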