1 files changed, 43 insertions, 32 deletions
diff --git a/debian/patches/463_login_delay_obeys_to_PAM b/debian/patches/Let-pam_unix-handle-login-failure-delays.patch
index ab32c2a..66f5063 100644
--- a/debian/patches/463_login_delay_obeys_to_PAM
+++ b/debian/patches/Let-pam_unix-handle-login-failure-delays.patch
@@ -1,5 +1,6 @@
-Goal: Do not hardcode pam_fail_delay and let pam_unix do its
-      job to set a delay...or not
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Let pam_unix handle login failure delays
 
 Fixes: #87648
 
@@ -7,25 +8,45 @@ Status wrt upstream: Forwarded but not applied yet
 
 Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 
+Gbp-Topic: debian
+---
+ lib/getdef.c |  1 -
+ src/login.c  | 19 +++++--------------
+ 2 files changed, 5 insertions(+), 15 deletions(-)
+
+diff --git a/lib/getdef.c b/lib/getdef.c
+index 30f54ba..21307bb 100644
+--- a/lib/getdef.c
++++ b/lib/getdef.c
+@@ -84,7 +84,6 @@ static struct itemdef def_table[] = {
+ 	{"ENV_PATH", NULL},
+ 	{"ENV_SUPATH", NULL},
+ 	{"ERASECHAR", NULL},
+-	{"FAIL_DELAY", NULL},
+ 	{"FAKE_SHELL", NULL},
+ 	{"GID_MAX", NULL},
+ 	{"GID_MIN", NULL},
+diff --git a/src/login.c b/src/login.c
+index 9fed7b3..a5512d1 100644
 --- a/src/login.c
 +++ b/src/login.c
-@@ -512,7 +512,6 @@
- #if !defined(USE_PAM)
- 	char ptime[80];
- #endif
--	unsigned int delay;
- 	unsigned int retries;
- 	bool subroot = false;
- #ifndef USE_PAM
-@@ -537,6 +536,7 @@
- 	pid_t child;
- 	char *pam_user = NULL;
+@@ -490,7 +490,6 @@ int main (int argc, char **argv)
+ 	const char     *tmptty;
+ 	const char     *cp;
+ 	const char     *tmp;
+-	unsigned int   delay;
+ 	unsigned int   retries;
+ 	unsigned int   timeout;
+ 	struct passwd  *pwd = NULL;
+@@ -500,6 +499,7 @@ int main (int argc, char **argv)
+ 	char           *pam_user = NULL;
+ 	pid_t          child;
  #else
-+	unsigned int delay;
++	unsigned int   delay;
+ 	bool is_console;
  	struct spwd *spwd = NULL;
- #endif
- 	/*
-@@ -701,7 +701,6 @@
+ # if defined(ENABLE_LASTLOG)
+@@ -669,7 +669,6 @@ int main (int argc, char **argv)
  	}
  
  	environ = newenvp;	/* make new environment active */
@@ -33,7 +54,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  	retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
  
  #ifdef USE_PAM
-@@ -717,8 +716,7 @@
+@@ -685,8 +684,7 @@ int main (int argc, char **argv)
  
  	/*
  	 * hostname & tty are either set to NULL or their correct values,
@@ -43,7 +64,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  	 *
  	 * PAM_RHOST and PAM_TTY are used for authentication, only use
  	 * information coming from login or from the caller (e.g. no utmp)
-@@ -727,10 +725,6 @@
+@@ -695,10 +693,6 @@ int main (int argc, char **argv)
  	PAM_FAIL_CHECK;
  	retcode = pam_set_item (pamh, PAM_TTY, tty);
  	PAM_FAIL_CHECK;
@@ -53,8 +74,8 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 -#endif
  	/* if fflg, then the user has already been authenticated */
  	if (!fflg) {
- 		unsigned int failcount = 0;
-@@ -771,12 +765,6 @@
+ 		char          hostn[256];
+@@ -736,12 +730,6 @@ int main (int argc, char **argv)
  			bool failed = false;
  
  			failcount++;
@@ -67,7 +88,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  
  			retcode = pam_authenticate (pamh, 0);
  
-@@ -1110,14 +1098,17 @@
+@@ -1032,14 +1020,17 @@ int main (int argc, char **argv)
  		free (username);
  		username = NULL;
  
@@ -85,13 +106,3 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  
  		(void) puts (_("Login incorrect"));
  
---- a/lib/getdef.c
-+++ b/lib/getdef.c
-@@ -77,7 +77,6 @@
- 	{"ENV_PATH", NULL},
- 	{"ENV_SUPATH", NULL},
- 	{"ERASECHAR", NULL},
--	{"FAIL_DELAY", NULL},
- 	{"FAILLOG_ENAB", NULL},
- 	{"FAKE_SHELL", NULL},
- 	{"FTMP_FILE", NULL},