1cffc2a7aSchristos /* 2cffc2a7aSchristos * Copyright (c) 2020 Darren Tucker <dtucker@openbsd.org> 3cffc2a7aSchristos * 4cffc2a7aSchristos * Permission to use, copy, modify, and distribute this software for any 5cffc2a7aSchristos * purpose with or without fee is hereby granted, provided that the above 6cffc2a7aSchristos * copyright notice and this permission notice appear in all copies. 7cffc2a7aSchristos * 8cffc2a7aSchristos * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9cffc2a7aSchristos * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10cffc2a7aSchristos * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11cffc2a7aSchristos * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12cffc2a7aSchristos * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13cffc2a7aSchristos * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14cffc2a7aSchristos * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15cffc2a7aSchristos */ 1618e68bb4Schristos struct xaddr; 1718e68bb4Schristos 1818e68bb4Schristos struct per_source_penalty; 1918e68bb4Schristos 2018e68bb4Schristos void srclimit_init(int, int, int, int, 2118e68bb4Schristos struct per_source_penalty *, const char *); 22cffc2a7aSchristos int srclimit_check_allow(int, int); 23cffc2a7aSchristos void srclimit_done(int); 2418e68bb4Schristos 2518e68bb4Schristos #define SRCLIMIT_PENALTY_NONE 0 2618e68bb4Schristos #define SRCLIMIT_PENALTY_CRASH 1 2718e68bb4Schristos #define SRCLIMIT_PENALTY_AUTHFAIL 2 2818e68bb4Schristos #define SRCLIMIT_PENALTY_GRACE_EXCEEDED 3 2918e68bb4Schristos #define SRCLIMIT_PENALTY_NOAUTH 4 30*4ccc7cbcSchristos #define SRCLIMIT_PENALTY_REFUSECONNECTION 5 3118e68bb4Schristos 3218e68bb4Schristos /* meaningful exit values, used by sshd listener for penalties */ 3318e68bb4Schristos #define EXIT_LOGIN_GRACE 3 /* login grace period exceeded */ 3418e68bb4Schristos #define EXIT_CHILD_CRASH 4 /* preauth child crashed */ 3518e68bb4Schristos #define EXIT_AUTH_ATTEMPTED 5 /* at least one auth attempt made */ 36*4ccc7cbcSchristos #define EXIT_CONFIG_REFUSED 6 /* sshd_config RefuseConnection */ 3718e68bb4Schristos 3818e68bb4Schristos void srclimit_penalise(struct xaddr *, int); 3918e68bb4Schristos int srclimit_penalty_check_allow(int, const char **); 4018e68bb4Schristos void srclimit_penalty_info(void); 41