IABSD.fr/src/usr.bin/ssh/srclimit.h

Branch : - branch - master - tag -

• Show log

  Commit

• Author : dtucker
  Date : 2025-12-16 08:32:50
  Hash : 97194383
  Message : Add 'invaliduser' penalty to PerSourcePenalties, which is applied to login attempts for usernames that do not match real accounts. Defaults to 5s to match 'authfail' but allows administrators to block such sources for longer if desired. with & ok djm@

• usr.bin/ssh/srclimit.h

• /*
   * Copyright (c) 2020 Darren Tucker <dtucker@openbsd.org>
   *
   * Permission to use, copy, modify, and distribute this software for any
   * purpose with or without fee is hereby granted, provided that the above
   * copyright notice and this permission notice appear in all copies.
   *
   * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   */
  struct xaddr;
  
  struct per_source_penalty;
  
  void	srclimit_init(int, int, int, int,
      struct per_source_penalty *, const char *);
  int	srclimit_check_allow(int, int);
  void	srclimit_done(int);
  
  #define SRCLIMIT_PENALTY_NONE			0
  #define SRCLIMIT_PENALTY_CRASH			1
  #define SRCLIMIT_PENALTY_AUTHFAIL		2
  #define SRCLIMIT_PENALTY_GRACE_EXCEEDED		3
  #define SRCLIMIT_PENALTY_NOAUTH			4
  #define SRCLIMIT_PENALTY_REFUSECONNECTION	5
  #define SRCLIMIT_PENALTY_INVALIDUSER		6
  
  /* meaningful exit values, used by sshd listener for penalties */
  #define EXIT_LOGIN_GRACE	3	/* login grace period exceeded */
  #define EXIT_CHILD_CRASH	4	/* preauth child crashed */
  #define EXIT_AUTH_ATTEMPTED	5	/* at least one auth attempt made */
  #define EXIT_CONFIG_REFUSED	6	/* sshd_config RefuseConnection */
  #define EXIT_INVALID_USER	7	/* invalid user supplied */
  
  void	srclimit_penalise(struct xaddr *, int);
  int	srclimit_penalty_check_allow(int, const char **);
  void	srclimit_penalty_info(void);