diff options
Diffstat (limited to 'package/network/services/dropbear/patches/010-runtime-maxauthtries.patch')
-rw-r--r-- | package/network/services/dropbear/patches/010-runtime-maxauthtries.patch | 130 |
1 files changed, 0 insertions, 130 deletions
diff --git a/package/network/services/dropbear/patches/010-runtime-maxauthtries.patch b/package/network/services/dropbear/patches/010-runtime-maxauthtries.patch deleted file mode 100644 index 26db3181f2..0000000000 --- a/package/network/services/dropbear/patches/010-runtime-maxauthtries.patch +++ /dev/null @@ -1,130 +0,0 @@ -From 46b22e57d91e33a591d0fba97da52672af4d6ed2 Mon Sep 17 00:00:00 2001 -From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> -Date: Mon, 29 May 2017 10:25:09 +0100 -Subject: [PATCH] dropbear server: support -T max auth tries - -Add support for '-T n' for a run-time specification for maximum number -of authentication attempts where 'n' is between 1 and compile time -option MAX_AUTH_TRIES. - -A default number of tries can be specified at compile time using -'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for -backwards compatibility. - -Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> ---- - options.h | 7 +++++++ - runopts.h | 1 + - svr-auth.c | 2 +- - svr-runopts.c | 17 +++++++++++++++++ - 4 files changed, 26 insertions(+), 1 deletion(-) - -diff --git a/options.h b/options.h -index 0c51bb1..4d22704 100644 ---- a/options.h -+++ b/options.h -@@ -284,6 +284,13 @@ Homedir is prepended unless path begins with / */ - #define MAX_AUTH_TRIES 10 - #endif - -+/* Default maximum number of failed authentication tries. -+ * defaults to MAX_AUTH_TRIES */ -+ -+#ifndef DEFAULT_AUTH_TRIES -+#define DEFAULT_AUTH_TRIES MAX_AUTH_TRIES -+#endif -+ - /* The default file to store the daemon's process ID, for shutdown - scripts etc. This can be overridden with the -P flag */ - #ifndef DROPBEAR_PIDFILE -diff --git a/runopts.h b/runopts.h -index f7c869d..2f7da63 100644 ---- a/runopts.h -+++ b/runopts.h -@@ -96,6 +96,7 @@ typedef struct svr_runopts { - int noauthpass; - int norootpass; - int allowblankpass; -+ unsigned int maxauthtries; - - #ifdef ENABLE_SVR_REMOTETCPFWD - int noremotetcp; -diff --git a/svr-auth.c b/svr-auth.c -index 577ea88..6a7ce0b 100644 ---- a/svr-auth.c -+++ b/svr-auth.c -@@ -362,7 +362,7 @@ void send_msg_userauth_failure(int partial, int incrfail) { - ses.authstate.failcount++; - } - -- if (ses.authstate.failcount >= MAX_AUTH_TRIES) { -+ if (ses.authstate.failcount >= svr_opts.maxauthtries) { - char * userstr; - /* XXX - send disconnect ? */ - TRACE(("Max auth tries reached, exiting")) -diff --git a/svr-runopts.c b/svr-runopts.c -index 8f60059..1e7440f 100644 ---- a/svr-runopts.c -+++ b/svr-runopts.c -@@ -73,6 +73,7 @@ static void printhelp(const char * progname) { - "-g Disable password logins for root\n" - "-B Allow blank password logins\n" - #endif -+ "-T <1 to %d> Maximum authentication tries (default %d)\n" - #ifdef ENABLE_SVR_LOCALTCPFWD - "-j Disable local port forwarding\n" - #endif -@@ -106,6 +107,7 @@ static void printhelp(const char * progname) { - #ifdef DROPBEAR_ECDSA - ECDSA_PRIV_FILENAME, - #endif -+ MAX_AUTH_TRIES, DEFAULT_AUTH_TRIES, - DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, - DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); - } -@@ -118,6 +120,7 @@ void svr_getopts(int argc, char ** argv) { - char* recv_window_arg = NULL; - char* keepalive_arg = NULL; - char* idle_timeout_arg = NULL; -+ char* maxauthtries_arg = NULL; - char* keyfile = NULL; - char c; - -@@ -130,6 +133,7 @@ void svr_getopts(int argc, char ** argv) { - svr_opts.noauthpass = 0; - svr_opts.norootpass = 0; - svr_opts.allowblankpass = 0; -+ svr_opts.maxauthtries = DEFAULT_AUTH_TRIES; - svr_opts.inetdmode = 0; - svr_opts.portcount = 0; - svr_opts.hostkey = NULL; -@@ -234,6 +238,9 @@ void svr_getopts(int argc, char ** argv) { - case 'I': - next = &idle_timeout_arg; - break; -+ case 'T': -+ next = &maxauthtries_arg; -+ break; - #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) - case 's': - svr_opts.noauthpass = 1; -@@ -330,6 +337,16 @@ void svr_getopts(int argc, char ** argv) { - dropbear_exit("Bad recv window '%s'", recv_window_arg); - } - } -+ -+ if (maxauthtries_arg) { -+ unsigned int val = 0; -+ if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE || -+ val == 0 || val > MAX_AUTH_TRIES) { -+ dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg); -+ } -+ svr_opts.maxauthtries = val; -+ } -+ - - if (keepalive_arg) { - unsigned int val; --- -2.7.4 - |