From 72cb2bc73e71f54c2223bb78af29fee888590b53 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Sun, 13 Dec 2009 20:46:24 +0000
Subject: Bug 355283: Lock out a user account on a particular IP for 30 minutes if they fail to log in 5 times from that IP. Patch by Max Kanat-Alexander r=LpSolit, a=LpSolit
---
 Bugzilla/Constants.pm | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'Bugzilla/Constants.pm')
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 0be6d1efa..e052d2ecb 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -55,6 +55,7 @@ use File::Basename;
 AUTH_LOGINFAILED
 AUTH_DISABLED
 AUTH_NO_SUCH_USER
+ AUTH_LOCKOUT
 USER_PASSWORD_MIN_LENGTH
@@ -149,6 +150,8 @@ use File::Basename;
 MAX_TOKEN_AGE
 MAX_LOGINCOOKIE_AGE
+ MAX_LOGIN_ATTEMPTS
+ LOGIN_LOCKOUT_INTERVAL
 SAFE_PROTOCOLS
 LEGAL_CONTENT_TYPES
@@ -227,6 +230,7 @@ use constant AUTH_ERROR => 2;
 use constant AUTH_LOGINFAILED => 3;
 use constant AUTH_DISABLED => 4;
 use constant AUTH_NO_SUCH_USER => 5;
+use constant AUTH_LOCKOUT => 6;
 # The minimum length a password must have.
 use constant USER_PASSWORD_MIN_LENGTH => 6;
@@ -373,6 +377,12 @@ use constant MAX_TOKEN_AGE => 3;
 # How many days a logincookie will remain valid if not used.
 use constant MAX_LOGINCOOKIE_AGE => 30;
+# Maximum failed logins to lock account for this IP
+use constant MAX_LOGIN_ATTEMPTS => 5;
+# If the maximum login attempts occur during this many minutes, the
+# account is locked.
+use constant LOGIN_LOCKOUT_INTERVAL => 30;
+
 # Protocols which are considered as safe.
 use constant SAFE_PROTOCOLS => ('afs', 'cid', 'ftp', 'gopher', 'http', 'https',
 'irc', 'mid', 'news', 'nntp', 'prospero', 'telnet',
--
cgit v1.2.3-24-g4f1b
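Review bot: The comment on `LOGIN_LOCKOUT_INTERVAL` in the last hunk describes only the window in which failures are counted, while the commit subject says the account is locked out for 30 minutes, so a reader cannot tell whether this one value is both the counting window and the lockout duration. The comment on `MAX_LOGIN_ATTEMPTS` likewise leaves open whether the lock takes effect on the fifth failure or only after it, and does not say that the count is kept per account and IP pair rather than per account. I would spell both out, for example `# Failed logins for one account from one IP, within LOGIN_LOCKOUT_INTERVAL, that trigger a lockout.` and `# Minutes over which failures are counted; presumably also how long the lockout lasts (confirm against the code that reads it).` The code that reads these constants is outside this file-limited view of the commit, so the exact semantics should be confirmed there before the wording is fixed.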