Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range

2025-01-31 02:46:58 +00:00 · 2017-06-27 22:20:38 +08:00 · 2017-06-27 22:20:38 +08:00 · 74ace058a6
commit 74ace058a6
parent 96382d52ab
4 changed files with 10 additions and 18 deletions
--- a/default_options.h
+++ b/default_options.h
@ -380,17 +380,12 @@ Homedir is prepended unless path begins with / */
 #define MAX_UNAUTH_CLIENTS 30
 #endif

-/* Maximum number of failed authentication tries (server option) */
+/* Default maximum number of failed authentication tries (server option) */
+/* -T runtime option overrides */
 #ifndef MAX_AUTH_TRIES
 #define MAX_AUTH_TRIES 10
 #endif

-/* Default maximum number of failed authentication tries.
- * defaults to MAX_AUTH_TRIES */
-#ifndef DEFAULT_AUTH_TRIES
-#define DEFAULT_AUTH_TRIES MAX_AUTH_TRIES
-#endif
-
 /* The default file to store the daemon's process ID, for shutdown
   scripts etc. This can be overridden with the -P flag */
 #ifndef DROPBEAR_PIDFILE
--- a/default_options.h.in
+++ b/default_options.h.in
@ -258,13 +258,10 @@ Homedir is prepended unless path begins with / */
 * come from many IPs */
 #define MAX_UNAUTH_CLIENTS 30

-/* Maximum number of failed authentication tries (server option) */
+/* Default maximum number of failed authentication tries (server option) */
+/* -T server option overrides */
 #define MAX_AUTH_TRIES 10

-/* Default maximum number of failed authentication tries.
- * defaults to MAX_AUTH_TRIES */
-#define DEFAULT_AUTH_TRIES MAX_AUTH_TRIES
-
 /* The default file to store the daemon's process ID, for shutdown
   scripts etc. This can be overridden with the -P flag */
 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
--- a/dropbear.8
+++ b/dropbear.8
@ -92,7 +92,7 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
 .B \-T \fImax_authentication_attempts
-Disconnect the session if number of authentication attempts is exceeded. default is set at compile time to DEFAULT_AUTH_TRIES which itself defaults to MAX_AUTH_TRIES (10)
+Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
 .TP
 .B \-c \fIforced_command
 Disregard the command provided by the user and always run \fIforced_command\fR. This also
--- a/svr-runopts.c
+++ b/svr-runopts.c
@ -73,7 +73,7 @@ static void printhelp(const char * progname) {
 					"-g		Disable password logins for root\n"
 					"-B		Allow blank password logins\n"
 #endif
-					"-T <1 to %d> 	Maximum authentication tries (default %d)\n"
+					"-T		Maximum authentication tries (default %d)\n"
 #if DROPBEAR_SVR_LOCALTCPFWD
 					"-j		Disable local port forwarding\n"
 #endif
@ -108,7 +108,7 @@ static void printhelp(const char * progname) {
 #if DROPBEAR_ECDSA
 					ECDSA_PRIV_FILENAME,
 #endif
-					MAX_AUTH_TRIES, DEFAULT_AUTH_TRIES,
+					MAX_AUTH_TRIES,
 					DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
 					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
 }
@ -135,7 +135,7 @@ void svr_getopts(int argc, char ** argv) {
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
-	svr_opts.maxauthtries = DEFAULT_AUTH_TRIES;
+	svr_opts.maxauthtries = MAX_AUTH_TRIES;
 	svr_opts.inetdmode = 0;
 	svr_opts.portcount = 0;
 	svr_opts.hostkey = NULL;
@ -341,8 +341,8 @@ void svr_getopts(int argc, char ** argv) {

 	if (maxauthtries_arg) {
 		unsigned int val = 0;
-		if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE ||
-			val == 0 || val > MAX_AUTH_TRIES) {
+		if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE 
+			|| val == 0) {
 			dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg);
 		}
 		svr_opts.maxauthtries = val;