diff options
Diffstat (limited to 'debian/patches/463_login_delay_obeys_to_PAM')
-rw-r--r-- | debian/patches/463_login_delay_obeys_to_PAM | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/debian/patches/463_login_delay_obeys_to_PAM b/debian/patches/463_login_delay_obeys_to_PAM new file mode 100644 index 0000000..414571a --- /dev/null +++ b/debian/patches/463_login_delay_obeys_to_PAM @@ -0,0 +1,97 @@ +Goal: Do not hardcode pam_fail_delay and let pam_unix do its + job to set a delay...or not + +Fixes: #87648 + +Status wrt upstream: Forwarded but not applied yet + +Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs + +--- a/src/login.c ++++ b/src/login.c +@@ -536,7 +536,6 @@ + #if defined(HAVE_STRFTIME) && !defined(USE_PAM) + char ptime[80]; + #endif +- unsigned int delay; + unsigned int retries; + bool subroot = false; + #ifndef USE_PAM +@@ -561,6 +560,7 @@ + pid_t child; + char *pam_user = NULL; + #else ++ unsigned int delay; + struct spwd *spwd = NULL; + #endif + /* +@@ -723,7 +723,6 @@ + } + + environ = newenvp; /* make new environment active */ +- delay = getdef_unum ("FAIL_DELAY", 1); + retries = getdef_unum ("LOGIN_RETRIES", RETRIES); + + #ifdef USE_PAM +@@ -739,8 +738,7 @@ + + /* + * hostname & tty are either set to NULL or their correct values, +- * depending on how much we know. We also set PAM's fail delay to +- * ours. ++ * depending on how much we know. + * + * PAM_RHOST and PAM_TTY are used for authentication, only use + * information coming from login or from the caller (e.g. no utmp) +@@ -749,10 +747,6 @@ + PAM_FAIL_CHECK; + retcode = pam_set_item (pamh, PAM_TTY, tty); + PAM_FAIL_CHECK; +-#ifdef HAS_PAM_FAIL_DELAY +- retcode = pam_fail_delay (pamh, 1000000 * delay); +- PAM_FAIL_CHECK; +-#endif + /* if fflg, then the user has already been authenticated */ + if (!fflg) { + unsigned int failcount = 0; +@@ -793,12 +787,6 @@ + bool failed = false; + + failcount++; +-#ifdef HAS_PAM_FAIL_DELAY +- if (delay > 0) { +- retcode = pam_fail_delay(pamh, 1000000*delay); +- PAM_FAIL_CHECK; +- } +-#endif + + retcode = pam_authenticate (pamh, 0); + +@@ -1121,14 +1109,17 @@ + free (username); + username = NULL; + ++#ifndef USE_PAM + /* + * Wait a while (a la SVR4 /usr/bin/login) before attempting + * to login the user again. If the earlier alarm occurs + * before the sleep() below completes, login will exit. + */ ++ delay = getdef_unum ("FAIL_DELAY", 1); + if (delay > 0) { + (void) sleep (delay); + } ++#endif + + (void) puts (_("Login incorrect")); + +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -88,7 +88,6 @@ + {"ENV_PATH", NULL}, + {"ENV_SUPATH", NULL}, + {"ERASECHAR", NULL}, +- {"FAIL_DELAY", NULL}, + {"FAILLOG_ENAB", NULL}, + {"FAKE_SHELL", NULL}, + {"FTMP_FILE", NULL}, |