Re: [9fans] standalone authserver on CF card

9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed

From: erik quanstrom <quanstro@coraid.com>
To: 9fans@9fans.net
Subject: Re: [9fans] standalone authserver on CF card
Date: Mon, 14 Apr 2008 12:13:22 -0400	[thread overview]
Message-ID: <242353c55a20c843fc4187646ca07360@coraid.com> (raw)
In-Reply-To: <6c5ae98825f18645410a8cf7ab4cf8a7@csplan9.rit.edu>

this really helps us.  i know that steve has a list of bad
ftp users to reject out-of-hand, but this exponential backoff
keeps the bad guys from bothering our auth server enough to
notice.  we still get quite a few connections, though

- erik


/n/sources/plan9//sys/src/cmd/ip/ftpd.c:519,524 - ftpd.c:519,528
  int
  usercmd(char *name)
  {
+ 	static int usercmds = 1000;
+
+ 	if(usercmds <<= 1 > 2000)
+ 		sleep(usercmds);
  	logit("user %s %s", name, nci->rsys);
  	if(loggedin)
  		return reply("530 Already logged in as %s", user);
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:537,542 - ftpd.c:541,548
  		strcpy(user, "none");
  	else if(anon_everybody)
  		strcpy(user,"none");
+ 	if(strcmp(user, "Administrator") == 0)
+ 		return reply("530 no way jose");
  	if(strcmp(user, "*none") == 0){
  		if(!anon_ok)
  			return reply("530 Not logged in: anonymous disallowed");
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:593,600 - ftpd.c:599,606
  		ch->nresp = strlen(response);
  		ai = auth_response(ch);
  		if(ai == nil) {
- 			static long delay = 100;
-
+ 			static long delay = 1000;
+ hoser:
  			sleep(delay);		/* deter password-guessers */
  			if (delay < 60*1000)
  				delay *= 2;
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:601,607 - ftpd.c:607,613
  			return reply("530 Not logged in: %r");
  		}
  		if(auth_chuid(ai, nil) < 0)
- 			return reply("530 Not logged in: %r");
+ 			goto hoser;
  		auth_freechal(ch);
  		ch = nil;

next prev parent reply	other threads:[~2008-04-14 16:13 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-04-14 15:22 Matthias Teege
2008-04-14 15:51 ` erik quanstrom
2008-04-14 16:01   ` john
2008-04-14 16:13     ` erik quanstrom [this message]
2008-04-14 16:06   ` Matthias Teege
2008-04-14 16:19     ` erik quanstrom
2008-04-14 16:40     ` John Stalker
2008-04-15  7:26       ` Matthias Teege
2008-04-15 11:31   ` kokamoto
2008-04-15 12:32     ` Matthias Teege

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=242353c55a20c843fc4187646ca07360@coraid.com \
    --to=quanstro@coraid.com \
    --cc=9fans@9fans.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).