pam-login-delay.patch

   1 diff -urpa shadow-4.15.1.orig/lib/getdef.c shadow-4.15.1/lib/getdef.c
   2 --- shadow-4.15.1.orig/lib/getdef.c     2024-03-23 21:32:25.000000000 +0100
   3 +++ shadow-4.15.1/lib/getdef.c  2024-04-02 13:16:27.781730965 +0200
   4 @@ -83,7 +83,6 @@ static struct itemdef def_table[] = {
   5         {"ENV_PATH", NULL},
   6         {"ENV_SUPATH", NULL},
   7         {"ERASECHAR", NULL},
   8 -       {"FAIL_DELAY", NULL},
   9         {"FAKE_SHELL", NULL},
  10         {"GID_MAX", NULL},
  11         {"GID_MIN", NULL},
  12 diff -urpa shadow-4.15.1.orig/src/login.c shadow-4.15.1/src/login.c
  13 --- shadow-4.15.1.orig/src/login.c      2024-03-24 00:33:29.000000000 +0100
  14 +++ shadow-4.15.1/src/login.c   2024-04-02 13:17:10.550309495 +0200
  15 @@ -489,7 +489,6 @@ int main (int argc, char **argv)
  16         const char     *tmptty;
  17         const char     *cp;
  18         const char     *tmp;
  19 -       unsigned int   delay;
  20         unsigned int   retries;
  21         unsigned int   timeout;
  22         struct passwd  *pwd = NULL;
  23 @@ -500,6 +499,7 @@ int main (int argc, char **argv)
  24         pid_t          child;
  25  #else
  26         bool is_console;
  27 +       unsigned int   delay;
  28         struct spwd *spwd = NULL;
  29  # if defined(ENABLE_LASTLOG)
  30         char           ptime[80];
  31 @@ -667,7 +667,6 @@ int main (int argc, char **argv)
  32         }
  33
  34         environ = newenvp;      /* make new environment active */
  35 -       delay   = getdef_unum ("FAIL_DELAY", 1);
  36         retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
  37
  38  #ifdef USE_PAM
  39 @@ -683,8 +682,7 @@ int main (int argc, char **argv)
  40
  41         /*
  42          * hostname & tty are either set to NULL or their correct values,
  43 -        * depending on how much we know. We also set PAM's fail delay to
  44 -        * ours.
  45 +        * depending on how much we know.
  46          *
  47          * PAM_RHOST and PAM_TTY are used for authentication, only use
  48          * information coming from login or from the caller (e.g. no utmp)
  49 @@ -693,10 +691,6 @@ int main (int argc, char **argv)
  50         PAM_FAIL_CHECK;
  51         retcode = pam_set_item (pamh, PAM_TTY, tty);
  52         PAM_FAIL_CHECK;
  53 -#ifdef HAS_PAM_FAIL_DELAY
  54 -       retcode = pam_fail_delay (pamh, 1000000 * delay);
  55 -       PAM_FAIL_CHECK;
  56 -#endif
  57         /* if fflg, then the user has already been authenticated */
  58         if (!fflg) {
  59                 char          hostn[256];
  60 @@ -734,12 +728,6 @@ int main (int argc, char **argv)
  61                         bool failed = false;
  62
  63                         failcount++;
  64 -#ifdef HAS_PAM_FAIL_DELAY
  65 -                       if (delay > 0) {
  66 -                               retcode = pam_fail_delay(pamh, 1000000*delay);
  67 -                               PAM_FAIL_CHECK;
  68 -                       }
  69 -#endif
  70
  71                         retcode = pam_authenticate (pamh, 0);
  72
  73 @@ -1029,14 +1017,17 @@ int main (int argc, char **argv)
  74                 free (username);
  75                 username = NULL;
  76
  77 +#ifndef USE_PAM
  78                 /*
  79                  * Wait a while (a la SVR4 /usr/bin/login) before attempting
  80                  * to login the user again. If the earlier alarm occurs
  81                  * before the sleep() below completes, login will exit.
  82                  */
  83 +               delay = getdef_unum ("FAIL_DELAY", 1);
  84                 if (delay > 0) {
  85                         (void) sleep (delay);
  86                 }
  87 +#endif
  88
  89                 (void) puts (_("Login incorrect"));
  90