Allow blacklist to be disabled
There might be multiple clients using a single IP (e.g. NAT), which
can make the blacklist do more harm than good. So add a setting to
disable it if needed.
diff --git a/common/rfb/Blacklist.cxx b/common/rfb/Blacklist.cxx
index 243d173..86917c1 100644
--- a/common/rfb/Blacklist.cxx
+++ b/common/rfb/Blacklist.cxx
@@ -20,6 +20,10 @@
using namespace rfb;
+BoolParameter enabled("UseBlacklist",
+ "Temporarily reject connections from a host if it "
+ "repeatedly fails to authenticate.",
+ true);
IntParameter threshold("BlacklistThreshold",
"The number of unauthenticated connection attempts "
"allowed from any individual host before that host "
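Review bot: The new parameter object is named `enabled` and is declared at file scope right after `using namespace rfb;`, which is a very generic identifier for a global. Consider a name that ties it to the blacklist, or giving it internal linkage, so it cannot collide with or be confused with another setting. The description string could also say that turning it off removes the limit on repeated failed authentication attempts, since that string is what administrators see when they list parameters.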
@@ -44,6 +48,9 @@
}
bool Blacklist::isBlackmarked(const char* name) {
+ if (!enabled)
+ return false;
+
BlacklistMap::iterator i = blm.find(name);
if (i == blm.end()) {
// Entry is not already black-marked.
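Review bot: The `if (!enabled) return false;` check sits ahead of the `blm.find(name)` lookup, so with the setting off this function never consults the per-host state and nothing tells the operator that throttling of failed logins is inactive. Suggest emitting a log message when the blacklist is disabled, so that a server running without this protection is visible in its logs. A short comment above the check explaining the NAT rationale from the commit message would also help later readers.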
diff --git a/unix/x0vncserver/x0vncserver.man b/unix/x0vncserver/x0vncserver.man
index 2e6edc4..b54fcb4 100644
--- a/unix/x0vncserver/x0vncserver.man
+++ b/unix/x0vncserver/x0vncserver.man
@@ -142,6 +142,11 @@
See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
.
.TP
+.B \-UseBlacklist
+Temporarily reject connections from a host if it repeatedly fails to
+authenticate. Default is on.
+.
+.TP
.B \-BlacklistThreshold \fIcount\fP
The number of unauthenticated connection attempts allowed from any individual
host before that host is black-listed. Default is 5.
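Review bot: The added `\-UseBlacklist` entry says "Default is on" but does not describe what changes when it is turned off or when doing so is appropriate. Suggest adding a sentence that disabling it removes the temporary rejection of hosts after repeated authentication failures, and that it is meant for cases such as many clients behind one NAT address, as the commit message explains. Operators who disable it should know they need another control against password guessing.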
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
index 9991650..9c8a889 100644
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@@ -231,6 +231,11 @@
See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
.
.TP
+.B \-UseBlacklist
+Temporarily reject connections from a host if it repeatedly fails to
+authenticate. Default is on.
+.
+.TP
.B \-BlacklistThreshold \fIcount\fP
The number of unauthenticated connection attempts allowed from any individual
host before that host is black-listed. Default is 5.
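Review bot: The `\-BlacklistThreshold` entry that follows the new `\-UseBlacklist` text is left unchanged, so nothing tells the reader that the threshold is ignored when the blacklist is off. Suggest noting the dependency in one of the two entries. The same wording is added to x0vncserver.man, so any change to the text should be applied to both pages to keep them consistent.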