Add delay on authentication failures This provides some basic rate limiting that will make it difficult for an attacker to brute force passwords. Only relevant when the blacklist is disabled as otherwise the attacker only gets a very limited number of attempts.

commit: 88a94ed13ac4574d762cbf1486a701cde2ba1f9b [log] [tgz]
author: Pierre Ossman <ossman@cendio.se> Mon Apr 01 14:22:01 2019 +0200
committer: Pierre Ossman <ossman@cendio.se> Mon Apr 01 14:22:01 2019 +0200
tree: cc996a13d2bd7c829a40152e242c17e065d6638b
parent: 7240f62ddc06643f982456c05c11d8afe5422069 [diff] [blame]
diff --git a/common/rfb/VNCSConnectionST.h b/common/rfb/VNCSConnectionST.h
index 662d9f3..a9a8d3a 100644
--- a/common/rfb/VNCSConnectionST.h
+++ b/common/rfb/VNCSConnectionST.h

@@ -109,6 +109,7 @@
     // These methods are invoked as callbacks from processMsg()
 
     virtual void authSuccess();
+    virtual void authFailure(const char* reason);
     virtual void queryConnection(const char* userName);
     virtual void clientInit(bool shared);
     virtual void setPixelFormat(const PixelFormat& pf);
@@ -184,6 +185,9 @@
     Point pointerEventPos;
     bool clientHasCursor;
 
+    Timer authFailureTimer;
+    CharArray authFailureMsg;
+
     CharArray closeReason;
   };
 }
commit	88a94ed13ac4574d762cbf1486a701cde2ba1f9b	[log] [tgz]
author	Pierre Ossman <ossman@cendio.se>	Mon Apr 01 14:22:01 2019 +0200
committer	Pierre Ossman <ossman@cendio.se>	Mon Apr 01 14:22:01 2019 +0200
tree	cc996a13d2bd7c829a40152e242c17e065d6638b
parent	7240f62ddc06643f982456c05c11d8afe5422069 [diff] [blame]