SASL: rate-limit after the 2nd failed attempt (m_sasl.c)
This commit is contained in:
parent
c6d884e877
commit
46ef49c390
1 changed files with 6 additions and 2 deletions
|
@ -250,7 +250,11 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_
|
||||||
{
|
{
|
||||||
if(*target_p->name)
|
if(*target_p->name)
|
||||||
{
|
{
|
||||||
target_p->localClient->sasl_failures++;
|
/* Allow 2 tries before rate-limiting as some clients try EXTERNAL
|
||||||
|
* then PLAIN right after it if the auth failed, causing the client to be
|
||||||
|
* rate-limited immediately and not being able to login with SASL.
|
||||||
|
*/
|
||||||
|
if (target_p->localClient->sasl_failures++ > 0)
|
||||||
target_p->localClient->sasl_next_retry = rb_current_time() + (1 << MIN(target_p->localClient->sasl_failures + 5, 13));
|
target_p->localClient->sasl_next_retry = rb_current_time() + (1 << MIN(target_p->localClient->sasl_failures + 5, 13));
|
||||||
}
|
}
|
||||||
else if(throttle_add((struct sockaddr*)&target_p->localClient->ip))
|
else if(throttle_add((struct sockaddr*)&target_p->localClient->ip))
|
||||||
|
|
Loading…
Reference in a new issue