mirror of
https://github.com/tmux/tmux.git
synced 2025-09-02 05:21:10 +00:00
When incorrect passwords are entered, behave similarly to login(1) and backoff
for a bit. Based on a diff from martynas@.
This commit is contained in:
Nicholas Marriott
41
server-fn.c
41
server-fn.c
@ -18,6 +18,8 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <login_cap.h>
|
||||
#include <pwd.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
@ -159,12 +161,20 @@ server_status_window(struct window *w)
|
||||
void
|
||||
server_lock(void)
|
||||
{
|
||||
struct client *c;
|
||||
u_int i;
|
||||
struct client *c;
|
||||
static struct passwd *pw, pwstore;
|
||||
static char pwbuf[_PW_BUF_LEN];
|
||||
u_int i;
|
||||
|
||||
if (server_locked)
|
||||
return;
|
||||
|
||||
if (getpwuid_r(getuid(), &pwstore, pwbuf, sizeof pwbuf, &pw) != 0) {
|
||||
server_locked_pw = NULL;
|
||||
return;
|
||||
}
|
||||
server_locked_pw = pw;
|
||||
|
||||
for (i = 0; i < ARRAY_LENGTH(&clients); i++) {
|
||||
c = ARRAY_ITEM(&clients, i);
|
||||
if (c == NULL || c->session == NULL)
|
||||
@ -175,6 +185,7 @@ server_lock(void)
|
||||
"Password:", server_lock_callback, NULL, c, PROMPT_HIDDEN);
|
||||
server_redraw_client(c);
|
||||
}
|
||||
|
||||
server_locked = 1;
|
||||
}
|
||||
|
||||
@ -188,12 +199,16 @@ int
|
||||
server_unlock(const char *s)
|
||||
{
|
||||
struct client *c;
|
||||
login_cap_t *lc;
|
||||
u_int i;
|
||||
char *out;
|
||||
u_int failures, tries, backoff;
|
||||
|
||||
if (!server_locked)
|
||||
if (!server_locked || server_locked_pw == NULL)
|
||||
return (0);
|
||||
server_activity = time(NULL);
|
||||
if (server_activity < password_backoff)
|
||||
return (-2);
|
||||
|
||||
if (server_password != NULL) {
|
||||
if (s == NULL)
|
||||
@ -214,10 +229,13 @@ server_unlock(const char *s)
|
||||
|
||||
server_locked = 0;
|
||||
password_failures = 0;
|
||||
password_backoff = 0;
|
||||
return (0);
|
||||
|
||||
wrong:
|
||||
password_backoff = server_activity;
|
||||
password_failures++;
|
||||
|
||||
for (i = 0; i < ARRAY_LENGTH(&clients); i++) {
|
||||
c = ARRAY_ITEM(&clients, i);
|
||||
if (c == NULL || c->prompt_buffer == NULL)
|
||||
@ -228,6 +246,23 @@ wrong:
|
||||
server_redraw_client(c);
|
||||
}
|
||||
|
||||
/*
|
||||
* Start slowing down after "login-backoff" attempts and reset every
|
||||
* "login-tries" attempts.
|
||||
*/
|
||||
lc = login_getclass(server_locked_pw->pw_class);
|
||||
if (lc != NULL) {
|
||||
tries = login_getcapnum(lc, (char *) "login-tries", 10, 10);
|
||||
backoff = login_getcapnum(lc, (char *) "login-backoff", 3, 3);
|
||||
} else {
|
||||
tries = 10;
|
||||
backoff = 3;
|
||||
}
|
||||
failures = password_failures % tries;
|
||||
if (failures > backoff) {
|
||||
password_backoff += ((failures - backoff) * tries / 2);
|
||||
return (-2);
|
||||
}
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user