Allow blacklist to be disabled

There might be multiple clients using a single IP (e.g. NAT), which can make the blacklist do more harm than good. So add a setting to disable it if needed.
author: Pierre Ossman <ossman@cendio.se> 2019-03-25 14:10:25 +0100
committer: Pierre Ossman <ossman@cendio.se> 2019-03-25 14:10:25 +0100
commit: b0003b5c6931c6ee2abf9138150ac6f83deed1b0 (patch)
tree: c13d0c15730d7f3e2b8982098d951783e173063e /common/rfb
parent: 8e9e154db73e4aa656e05b11a9fc6b8d31d481cf (diff)
download: tigervnc-b0003b5c6931c6ee2abf9138150ac6f83deed1b0.tar.gz
tigervnc-b0003b5c6931c6ee2abf9138150ac6f83deed1b0.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/common/rfb/Blacklist.cxx b/common/rfb/Blacklist.cxx
index 243d173d..86917c14 100644
--- a/common/rfb/Blacklist.cxx
+++ b/common/rfb/Blacklist.cxx
@@ -20,6 +20,10 @@
 
 using namespace rfb;
 
+BoolParameter enabled("UseBlacklist",
+                      "Temporarily reject connections from a host if it "
+                      "repeatedly fails to authenticate.",
+                      true);
 IntParameter threshold("BlacklistThreshold",
                        "The number of unauthenticated connection attempts "
                        "allowed from any individual host before that host "
@@ -44,6 +48,9 @@ Blacklist::~Blacklist() {
 }
 
 bool Blacklist::isBlackmarked(const char* name) {
+  if (!enabled)
+    return false;
+
   BlacklistMap::iterator i = blm.find(name);
   if (i == blm.end()) {
     // Entry is not already black-marked.
author	Pierre Ossman <ossman@cendio.se>	2019-03-25 14:10:25 +0100
committer	Pierre Ossman <ossman@cendio.se>	2019-03-25 14:10:25 +0100
commit	b0003b5c6931c6ee2abf9138150ac6f83deed1b0 (patch)
tree	c13d0c15730d7f3e2b8982098d951783e173063e /common/rfb
parent	8e9e154db73e4aa656e05b11a9fc6b8d31d481cf (diff)
download	tigervnc-b0003b5c6931c6ee2abf9138150ac6f83deed1b0.tar.gz tigervnc-b0003b5c6931c6ee2abf9138150ac6f83deed1b0.zip