SASL: rate-limit after the 2nd failed attempt (m_sasl.c)

Xenthys 2016-10-02 03:57:11 +02:00
parent c6d884e877
commit 46ef49c390
No known key found for this signature in database
GPG key ID: D68FF79CEE9A9B69


@ -250,8 +250,12 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_
{ {
if(*target_p->name) if(*target_p->name)
{ {
target_p->localClient->sasl_failures++; /* Allow 2 tries before rate-limiting as some clients try EXTERNAL
target_p->localClient->sasl_next_retry = rb_current_time() + (1 << MIN(target_p->localClient->sasl_failures + 5, 13)); * then PLAIN right after it if the auth failed, causing the client to be
* rate-limited immediately and not being able to login with SASL.
*/
if (target_p->localClient->sasl_failures++ > 0)
target_p->localClient->sasl_next_retry = rb_current_time() + (1 << MIN(target_p->localClient->sasl_failures + 5, 13));
} }
else if(throttle_add((struct sockaddr*)&target_p->localClient->ip)) else if(throttle_add((struct sockaddr*)&target_p->localClient->ip))
{ {
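Review bot: The post-increment inside the condition `if (target_p->localClient->sasl_failures++ > 0)` makes the threshold and the delay hard to read, because the body then uses the already-incremented counter. On the second failure the counter is 2 when the shift is computed, so the first enforced delay is `1 << 7` (128 s) rather than the 64 s the old code started with; if the backoff is meant to start at 64 s, the exponent needs `+ 4`. I would split it into `target_p->localClient->sasl_failures++;` followed by `if (target_p->localClient->sasl_failures > 1)`, and extend the comment to state the resulting delay. The counter lives in `localClient`, so the free first failure presumably applies per connection; whether reconnects are bounded depends on connection throttling outside this hunk, which is worth confirming. me_sasl's body starts and ends outside the hunk.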