Add delay on authentication failures

This provides some basic rate limiting that will make it difficult
for an attacker to brute-force passwords. It is only relevant when
the blacklist is disabled, as otherwise the attacker only gets a very
limited number of attempts.
diff --git a/common/rfb/SConnection.h b/common/rfb/SConnection.h
index 2630240..31d1cb2 100644
--- a/common/rfb/SConnection.h
+++ b/common/rfb/SConnection.h
@@ -92,6 +92,10 @@
     // authSuccess() is called when authentication has succeeded.
     virtual void authSuccess();
 
+    // authFailure() is called when authentication has failed. The default
+    // implementation will inform the client and throw a AuthFailureException.
+    virtual void authFailure(const char* reason);
+
     // queryConnection() is called when authentication has succeeded, but
     // before informing the client.  It can be overridden to query a local user
     // to accept the incoming connection, for example.  The userName argument
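Review bot: The comment on `authFailure()` documents the client notification and the exception but not the delay this commit is about, so a subclass overriding it cannot tell that skipping the base implementation may also skip the rate limiting. If the delay is applied there (the implementation is not in this hunk), I would say so: `// authFailure() is called when authentication has failed. The default implementation delays, then informs the client and throws an AuthFailureException. Overrides should call it to keep the delay.` It should also state whether `reason` is copied, since a deferred failure must not keep the caller's pointer, and whether the text is sent to the client verbatim, so callers keep it generic. The enclosing class starts and ends outside the hunk.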
@@ -160,6 +164,7 @@
       RFBSTATE_PROTOCOL_VERSION,
       RFBSTATE_SECURITY_TYPE,
       RFBSTATE_SECURITY,
+      RFBSTATE_SECURITY_FAILURE,
       RFBSTATE_QUERYING,
       RFBSTATE_INITIALISATION,
       RFBSTATE_NORMAL,
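Review bot: `RFBSTATE_SECURITY_FAILURE` is added in the middle of the enum without a comment, which shifts the numeric value of every later state and leaves its meaning to be guessed. Any code that compares states by order or switches on the state (not visible here) needs checking. In particular, client data arriving while the connection sits in this state should not be handled as another security message, or the delay stops limiting attempts. A short comment would help, for example `RFBSTATE_SECURITY_FAILURE, // authentication failed, failure delay pending` if that is the intended meaning. The enum starts and ends outside the hunk.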