From nobody  Sun Feb 23 09:55:59 1997
Received: (from nobody@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id JAA21913;
          Sun, 23 Feb 1997 09:55:59 -0800 (PST)
Message-Id: <199702231755.JAA21913@freefall.freebsd.org>
Date: Sun, 23 Feb 1997 09:55:59 -0800 (PST)
From: richterb@furball.wellsfargo.com
To: freebsd-gnats-submit@freebsd.org
Subject: remove hard coded slowdown count and failed login count
X-Send-Pr-Version: www-1.0

>Number:         2805
>Category:       bin
>Synopsis:       remove hard coded slowdown count and failed login count
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    davidn
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 23 10:00:01 PST 1997
>Closed-Date:    Wed Mar 19 03:29:49 EST 1997
>Last-Modified:  Wed Mar 19 03:30:56 EST 1997
>Originator:     Bill Richter
>Release:        2.2-GAMMA
>Organization:
>Environment:
FreeBSD binkley 2.2-GAMMA FreeBSD 2.2-GAMMA #2: Mon Feb 17 14:29:56 PST
 1997     richterb@binkley:/usr/src/sys/compile/BINKLEY  i386

>Description:
Both 3 and 10 are hardcoded numbers and 10 is a lot of
attempts at a failed login even with the default delay
commencing after 3 failures.  Just changing 3 and 10 to
defines instead would make customization of the function
easier.  Would prefer moving the numbers out to a configuration
file but alas that might be a bit more complicated. 

/* we allow 10 tries, but after 3 we start backing off */
if (++cnt > 3) {
        if (cnt >= 10) {
                badlogin(username);
                sleepexit(1);
        }
        sleep((u_int)((cnt - 3) * 5));
}

>How-To-Repeat:
n/a
>Fix:
*** login.c     Sun Feb 23 09:47:42 1997
--- mylogin.c   Sun Feb 23 09:47:27 1997
***************
*** 94,99 ****
--- 94,101 ----
  extern void login __P((struct utmp *));

  #define       TTYGRPNAME      "tty"           /* name of group to own ttys */
+ #define RETRY 3                               /* count before slowing prompt *
/
+ #define BAD_ATTEMPTS 10                       /* count before aborting login *
/

  /*
   * This bounds the time given to login.  Not a define so it can
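Review bot: The trailing comments on the two added #define lines have been wrapped in transit, leaving the closing "/" of each comment terminator on a line of its own, so the diff as mailed is damaged and should be resent unwrapped (or with shorter comments). RETRY and BAD_ATTEMPTS are also very generic names for file-scope macros in login.c; names that say what they bound, for example LOGIN_BACKOFF and LOGIN_RETRIES, would be easier to grep for and harder to collide with. The spacing after #define differs from the TTYGRPNAME line directly above and should match it.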
***************
*** 341,351 ****

                (void)printf("Login incorrect\n");
                failures++;
!               /* we allow 10 tries, but after 3 we start backing off */
!               if (++cnt > 3) {
!                       if (cnt >= 10) {
!                               badlogin(username);
!                               sleepexit(1);
                        }
                        sleep((u_int)((cnt - 3) * 5));
                }
--- 343,355 ----

                (void)printf("Login incorrect\n");
                failures++;
! 
!          /* when bad logins exceeds BAD_ATTEMPTS, we exit but when
!             bad logins exceeds RETRY we start adding delay to the prompt */
!                        if (++cnt > RETRY) {
!                                if (cnt >= BAD_ATTEMPTS) {
!                                        badlogin(username);
!                                        sleepexit(1);
                        }
                        sleep((u_int)((cnt - 3) * 5));
                }       
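Review bot: The sleep() call left as unchanged context at the end of this hunk still reads "sleep((u_int)((cnt - 3) * 5));", so the delay is only half parameterised. With RETRY raised above 3 the first delayed prompt starts at more than 5 seconds, and with RETRY lowered below 3 the expression (cnt - 3) goes negative and the (u_int) cast turns it into an enormous sleep; it should be (cnt - RETRY). The new comment says login exits when bad logins "exceeds BAD_ATTEMPTS", but the test is "cnt >= BAD_ATTEMPTS", which exits on reaching it; one of the two should change. The replaced lines are also indented deeper than the closing brace they pair with.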


>Release-Note:
>Audit-Trail:

From: David Nugent <davidn@labs.usn.blaze.net.au>
To: richterb@furball.wellsfargo.com
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/2805: remove hard coded slowdown count and failed login count
Date: Mon, 24 Feb 1997 15:08:43 +1100

 On Feb 02, 1997 at 09:55:59AM, richterb@furball.wellsfargo.com wrote:
 > >Description:
 > Both 3 and 10 are hardcoded numbers and 10 is a lot of
 > attempts at a failed login even with the default delay
 > commencing after 3 failures.  Just changing 3 and 10 to
 > defines instead would make customization of the function
 > easier.  Would prefer moving the numbers out to a configuration
 > file but alas that might be a bit more complicated. 
 
 No, actually, it wouldn't. It could be done via login.conf
 capabilities. I'll add this to my todo list for login.
 
 
 Regards,
 
 David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
 Voice +61-3-9791-9547  Data/BBS +61-3-9792-3507  3:632/348@fidonet
 davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/
Responsible-Changed-From-To: freebsd-bugs->davidn 
Responsible-Changed-By: davidn 
Responsible-Changed-When: Mon Feb 24 15:12:20 EST 1997 
Responsible-Changed-Why:  
I'll take care of this too. 
State-Changed-From-To: open->closed 
State-Changed-By: davidn 
State-Changed-When: Wed Mar 19 03:29:49 EST 1997 
State-Changed-Why:  
Feature added + login.conf "login-retries" "login-backoff" 
in revision 1.19 of login.c. 
>Unformatted:
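
Added example (not part of the original PR and not FreeBSD's login.c): the retry/backoff arithmetic from the fix above, written as plain C functions so the delay schedule can be compared when the threshold is tunable but the subtraction keeps the literal 3. The parameter names backoff and retries borrow from the login.conf capabilities named in the audit trail; STEP, ABORT and the function names are assumptions of this example, and unsigned int is assumed to be 32 bits wide.

```c
#include <limits.h>
#include <stdio.h>

/* Added example; all names here are hypothetical, not taken from login.c. */
#define STEP  5        /* seconds added per failure past the threshold */
#define ABORT (-1LL)   /* sentinel: login gives up (badlogin + sleepexit) */

/* Delay after failure number cnt, as the patched hunk computes it: the
 * threshold test uses `backoff`, the subtraction still uses the literal 3. */
long long delay_literal3(int cnt, int backoff, int retries)
{
    if (cnt <= backoff) return 0;
    if (cnt >= retries) return ABORT;
    return (long long)(unsigned int)((cnt - 3) * STEP);
}

/* Same logic with the subtraction tied to the threshold. */
long long delay_threshold(int cnt, int backoff, int retries)
{
    if (cnt <= backoff) return 0;
    if (cnt >= retries) return ABORT;
    return (long long)(unsigned int)((cnt - backoff) * STEP);
}

typedef long long (*delay_fn)(int, int, int);

/* Total seconds slept in one login session before it is aborted. */
long long session_delay(delay_fn f, int backoff, int retries)
{
    long long total = 0;
    for (int cnt = 1;; cnt++) {
        long long d = f(cnt, backoff, retries);
        if (d == ABORT) return total;
        total += d;
    }
}

int main(void)
{
    /* Constructed settings: the stock 3/10, then a stricter threshold of 1. */
    int cfg[][2] = { {3, 10}, {1, 10}, {1, 4} };
    for (int i = 0; i < 3; i++)
        printf("backoff=%d retries=%d literal3=%llds threshold=%llds\n",
               cfg[i][0], cfg[i][1],
               session_delay(delay_literal3, cfg[i][0], cfg[i][1]),
               session_delay(delay_threshold, cfg[i][0], cfg[i][1]));
    return 0;
}
```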
