Sync OpenBSD patchset 308:

When incorrect passwords are entered, behave similarly to login(1) and backoff for a bit. Based on a diff from martynas@.
2025-01-15 05:09:04 +00:00 · 2009-09-03 20:44:38 +00:00 · 2009-09-03 20:44:38 +00:00 · f796336a12
commit f796336a12
parent 3b944fe7e8
5 changed files with 60 additions and 9 deletions
--- a/server-fn.c
+++ b/server-fn.c
@ -1,4 +1,4 @@
-/* $Id: server-fn.c,v 1.83 2009-09-02 00:55:49 tcunha Exp $ */
+/* $Id: server-fn.c,v 1.84 2009-09-03 20:44:38 tcunha Exp $ */
 /*
 * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@ -18,6 +18,8 @@
 #include <sys/types.h>
 #include <login_cap.h>
 #include <pwd.h>
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
@ -160,11 +162,19 @@ void
 server_lock(void)
 {
 	struct client	       *c;
 	static struct passwd   *pw, pwstore;
 	static char		pwbuf[_PW_BUF_LEN];
 	u_int			i;
 	if (server_locked)
 		return;
 	if (getpwuid_r(getuid(), &pwstore, pwbuf, sizeof pwbuf, &pw) != 0) {
 		server_locked_pw = NULL;
 		return;
 	}
 	server_locked_pw = pw;
 	for (i = 0; i < ARRAY_LENGTH(&clients); i++) {
 		c = ARRAY_ITEM(&clients, i);
 		if (c == NULL || c->session == NULL)
@ -175,6 +185,7 @@ server_lock(void)
 		    "Password:", server_lock_callback, NULL, c, PROMPT_HIDDEN);
  		server_redraw_client(c);
 	}
 	server_locked = 1;
 }
@ -188,12 +199,16 @@ int
 server_unlock(const char *s)
 {
 	struct client	*c;
 	login_cap_t	*lc;
 	u_int		 i;
 	char		*out;
 	u_int		 failures, tries, backoff;
-	if (!server_locked)
+	if (!server_locked || server_locked_pw == NULL)
 		return (0);
 	server_activity = time(NULL);
 	if (server_activity < password_backoff)
 		return (-2);
 	if (server_password != NULL) {
 		if (s == NULL)
@ -214,10 +229,13 @@ server_unlock(const char *s)
 	server_locked = 0;
 	password_failures = 0;
 	password_backoff = 0;
 	return (0);
 wrong:
 	password_backoff = server_activity;
 	password_failures++;
 	for (i = 0; i < ARRAY_LENGTH(&clients); i++) {
 		c = ARRAY_ITEM(&clients, i);
 		if (c == NULL || c->prompt_buffer == NULL)
@ -228,6 +246,23 @@ wrong:
  		server_redraw_client(c);
 	}
 	/*
 	 * Start slowing down after "login-backoff" attempts and reset every
 	 * "login-tries" attempts.
 	 */
 	lc = login_getclass(server_locked_pw->pw_class);
 	if (lc != NULL) {
 		tries = login_getcapnum(lc, (char *) "login-tries", 10, 10);
 		backoff = login_getcapnum(lc, (char *) "login-backoff", 3, 3);
 	} else {
 		tries = 10;
 		backoff = 3;
 	}
 	failures = password_failures % tries;
 	if (failures > backoff) {
 		password_backoff += ((failures - backoff) * tries / 2);
 		return (-2);
 	}
 	return (-1);
 }
--- a/server-msg.c
+++ b/server-msg.c
@ -1,4 +1,4 @@
-/* $Id: server-msg.c,v 1.82 2009-08-24 16:24:18 tcunha Exp $ */
+/* $Id: server-msg.c,v 1.83 2009-09-03 20:44:38 tcunha Exp $ */
 /*
 * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@ -99,8 +99,15 @@ server_msg_dispatch(struct client *c)
 			memcpy(&unlockdata, imsg.data, sizeof unlockdata);
 			unlockdata.pass[(sizeof unlockdata.pass) - 1] = '\0';
-			if (server_unlock(unlockdata.pass) != 0)
+			switch (server_unlock(unlockdata.pass)) {
 			case -1:
 				server_write_error(c, "bad password");
 				break;
 			case -2:
 				server_write_error(c,
 				    "too many bad passwords, sleeping");
 				break;
 			}
 			memset(&unlockdata, 0, sizeof unlockdata);
 			server_write_client(c, MSG_EXIT, NULL, 0);
 			break;
--- a/tmux.1
+++ b/tmux.1
@ -1,4 +1,4 @@
-.\" $Id: tmux.1,v 1.162 2009-09-02 22:45:17 tcunha Exp $
+.\" $Id: tmux.1,v 1.163 2009-09-03 20:44:38 tcunha Exp $
 .\"
 .\" Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
 .\"
@ -1209,6 +1209,11 @@ seconds of inactivity.
 The default is off (set to 0).
 This has no effect as a session option; it must be set as a global option using
 .Fl g .
 When passwords are entered incorrectly,
 .Nm
 follows the behaviour of
 .Xr login 1
 and ignores further password attempts for an increasing timeout.
 .It Ic message-attr Ar attributes
 Set status line message attributes, where
 .Ar attributes
--- a/tmux.c
+++ b/tmux.c
@ -1,4 +1,4 @@
-/* $Id: tmux.c,v 1.168 2009-09-02 01:02:44 tcunha Exp $ */
+/* $Id: tmux.c,v 1.169 2009-09-03 20:44:38 tcunha Exp $ */
 /*
 * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@ -52,7 +52,9 @@ struct options	 global_w_options;	/* window options */
 struct environ	 global_environ;
 int		 server_locked;
 struct passwd	*server_locked_pw;
 u_int		 password_failures;
 time_t		 password_backoff;
 char		*server_password;
 time_t		 server_activity;
--- a/tmux.h
+++ b/tmux.h
@ -1,4 +1,4 @@
-/* $Id: tmux.h,v 1.434 2009-09-02 22:45:17 tcunha Exp $ */
+/* $Id: tmux.h,v 1.435 2009-09-03 20:44:38 tcunha Exp $ */
 /*
 * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@ -1106,7 +1106,9 @@ extern struct options global_w_options;
 extern struct environ global_environ;
 extern char	*cfg_file;
 extern int	 server_locked;
 extern struct passwd *server_locked_pw;
 extern u_int	 password_failures;
 extern time_t	 password_backoff;
 extern char	*server_password;
 extern time_t	 server_activity;
 extern int	 debug_level;