Date: Sun, 23 Feb 1997 09:55:59 -0800 (PST) From: richterb@furball.wellsfargo.com To: freebsd-gnats-submit@freebsd.org Subject: bin/2805: remove hard coded slowdown count and failed login count Message-ID: <199702231755.JAA21913@freefall.freebsd.org> Resent-Message-ID: <199702231800.KAA22201@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 2805
>Category: bin
>Synopsis: remove hard coded slowdown count and failed login count
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 23 10:00:01 PST 1997
>Last-Modified:
>Originator: Bill Richter
>Organization:
>Release: 2.2-GAMMA
>Environment:
FreeBSD binkley 2.2-GAMMA FreeBSD 2.2-GAMMA #2: Mon Feb 17 14:29:56 PST
1997 richterb@binkley:/usr/src/sys/compile/BINKLEY i386
>Description:
Both 3 and 10 are hardcoded numbers and 10 is a lot of
attempts at a failed login even with the default delay
commencing after 3 failures. Just change 3 and 10 to
defines instead would make customization of the function
easier. Would prefer moving the numbers out to a configuration
file but alas that might be a bit more complicated.
/* we allow 10 tries, but after 3 we start backing off */
if (++cnt > 3) {
if (cnt >= 10) {
badlogin(username);
sleepexit(1);
}
>How-To-Repeat:
n/a
>Fix:
*** login.c Sun Feb 23 09:47:42 1997
--- mylogin.c Sun Feb 23 09:47:27 1997
***************
*** 94,99 ****
--- 94,101 ----
extern void login __P((struct utmp *));
#define TTYGRPNAME "tty" /* name of group to own ttys */
+ #define RETRY 3 /* count before slowing prompt *
/
+ #define BAD_ATTEMPTS 10 /* count before aborting login *
/
/*
* This bounds the time given to login. Not a define so it can
***************
*** 341,351 ****
(void)printf("Login incorrect\n");
failures++;
! /* we allow 10 tries, but after 3 we start backing off */
! if (++cnt > 3) {
! if (cnt >= 10) {
! badlogin(username);
! sleepexit(1);
}
sleep((u_int)((cnt - 3) * 5));
}
--- 343,355 ----
(void)printf("Login incorrect\n");
failures++;
!
! /* when bad logins exceeds BAD_ATTEMPTS, we exit but when
! bad logins exceeds RETRY we start adding delay to the prompt */
! if (++cnt > RETRY) {
! if (cnt >= BAD_ATTEMPTS) {
! badlogin(username);
! sleepexit(1);
}
sleep((u_int)((cnt - 3) * 5));
}
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702231755.JAA21913>