- Add adaptive authentication failure delay

- Rework monotonic_now/gettime_wrapper and use clock_gettime on more platforms
2025-06-26 18:17:32 +00:00 · 2018-11-05 23:36:34 +08:00
parent 6f6ef4834c
commit 02ffdd09dc
6 changed files with 96 additions and 49 deletions
--- a/auth.h
+++ b/auth.h
@@ -108,11 +108,14 @@ struct AuthState {
 	unsigned int authdone; /* 0 if we haven't authed, 1 if we have. Applies for
 							  client and server (though has differing 
 							  meanings). */
+
 	unsigned int perm_warn; /* Server only, set if bad permissions on 
 							   ~/.ssh/authorized_keys have already been
 							   logged. */
 	unsigned int checkusername_failed;  /* Server only, set if checkusername
 	                                has already failed */
+	struct timespec auth_starttime; /* Server only, time of receiving current 
+									SSH_MSG_USERAUTH_REQUEST */

 	/* These are only used for the server */
 	uid_t pw_uid;