markow
/
ckpool
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Refuse auth attempts for progressively longer periods on failed attempts up to a maximum of 10mins

master
Con Kolivas 10 years ago
parent
21c7fcb2c2
commit
cf516c96e7
1 changed files with 19 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 20
      src/stratifier.c

20
src/stratifier.c
Unescape View File

@ -185,6 +185,8 @@ struct user_instance {
bool authorised; /* Has this username ever been authorised? */
time_t auth_time;
time_t failed_authtime; /* Last time this username failed to authorise */
int auth_backoff; /* How long to reject any auth attempts since last failure */
};
/* Combined data from workers with the same workername */
@ -2165,6 +2167,7 @@ static user_instance_t *generate_user(ckpool_t *ckp, stratum_instance_t *client,
if (!user) {
/* New user instance. Secondary user id will be NULL */
user = ckzalloc(sizeof(user_instance_t));
user->auth_backoff = 3; /* Set initial backoff to 3 seconds */
strcpy(user->username, username);
new_instance = true;
user->id = sdata->user_instance_id++;
@ -2385,8 +2388,17 @@ static json_t *parse_authorise(stratum_instance_t *client, json_t *params_val, j
ts_realtime(&now);
client->start_time = now.tv_sec;
strcpy(client->address, address);
client->workername = strdup(buf);
if (user_instance->failed_authtime) {
time_t now_t = time(NULL);
if (now_t < user_instance->failed_authtime + user_instance->auth_backoff) {
LOGNOTICE("Client %ld worker %s rate limited due to failed auth attempts",
client->id, buf);
client->dropped = true;
goto out;
}
}
if (CKP_STANDALONE(ckp))
ret = true;
else {
@ -2413,9 +2425,15 @@ static json_t *parse_authorise(stratum_instance_t *client, json_t *params_val, j
inc_worker(ckp, user_instance);
LOGNOTICE("Authorised client %ld worker %s as user %s", client->id, buf,
user_instance->username);
user_instance->auth_backoff = 3; /* Reset auth backoff time */
} else {
LOGNOTICE("Client %ld worker %s failed to authorise as user %s", client->id, buf,
user_instance->username);
user_instance->failed_authtime = time(NULL);
user_instance->auth_backoff <<= 1;
/* Cap backoff time to 10 mins */
if (user_instance->auth_backoff > 600)
user_instance->auth_backoff = 600;
}
out:
return json_boolean(ret);

Write Preview
Loading…
Cancel
Save