From 0efdbf96fa747eb2d9a1577d86b9f9e9c79004c6 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Wed, 5 Sep 2018 07:43:09 +0000 Subject: [PATCH] - PAM delay patch from Debian --- pam-login-delay.patch | 90 +++++++++++++++++++++++++++++++++++++++++++ shadow.spec | 2 + 2 files changed, 92 insertions(+) create mode 100644 pam-login-delay.patch diff --git a/pam-login-delay.patch b/pam-login-delay.patch new file mode 100644 index 0000000..550039c --- /dev/null +++ b/pam-login-delay.patch @@ -0,0 +1,90 @@ +diff -urpa shadow-4.6.orig/lib/getdef.c shadow-4.6/lib/getdef.c +--- shadow-4.6.orig/lib/getdef.c 2018-04-29 16:42:37.000000000 +0000 ++++ shadow-4.6/lib/getdef.c 2018-09-04 14:28:30.649949349 +0000 +@@ -86,7 +86,6 @@ static struct itemdef def_table[] = { + {"ENV_PATH", NULL}, + {"ENV_SUPATH", NULL}, + {"ERASECHAR", NULL}, +- {"FAIL_DELAY", NULL}, + {"FAKE_SHELL", NULL}, + {"GID_MAX", NULL}, + {"GID_MIN", NULL}, +diff -urpa shadow-4.6.orig/src/login.c shadow-4.6/src/login.c +--- shadow-4.6.orig/src/login.c 2018-04-29 16:42:37.000000000 +0000 ++++ shadow-4.6/src/login.c 2018-09-04 14:27:39.281949927 +0000 +@@ -525,7 +525,6 @@ int main (int argc, char **argv) + #if defined(HAVE_STRFTIME) && !defined(USE_PAM) + char ptime[80]; + #endif +- unsigned int delay; + unsigned int retries; + bool subroot = false; + #ifndef USE_PAM +@@ -546,6 +545,7 @@ int main (int argc, char **argv) + pid_t child; + char *pam_user = NULL; + #else ++ unsigned int delay; + struct spwd *spwd = NULL; + #endif + /* +@@ -708,7 +708,6 @@ int main (int argc, char **argv) + } + + environ = newenvp; /* make new environment active */ +- delay = getdef_unum ("FAIL_DELAY", 1); + retries = getdef_unum ("LOGIN_RETRIES", RETRIES); + + #ifdef USE_PAM +@@ -724,8 +723,7 @@ int main (int argc, char **argv) + + /* + * hostname & tty are either set to NULL or their correct values, +- * depending on how much we know. We also set PAM's fail delay to +- * ours. ++ * depending on how much we know. + * + * PAM_RHOST and PAM_TTY are used for authentication, only use + * information coming from login or from the caller (e.g. no utmp) +@@ -734,10 +732,6 @@ int main (int argc, char **argv) + PAM_FAIL_CHECK; + retcode = pam_set_item (pamh, PAM_TTY, tty); + PAM_FAIL_CHECK; +-#ifdef HAS_PAM_FAIL_DELAY +- retcode = pam_fail_delay (pamh, 1000000 * delay); +- PAM_FAIL_CHECK; +-#endif + /* if fflg, then the user has already been authenticated */ + if (!fflg) { + unsigned int failcount = 0; +@@ -778,12 +772,6 @@ int main (int argc, char **argv) + bool failed = false; + + failcount++; +-#ifdef HAS_PAM_FAIL_DELAY +- if (delay > 0) { +- retcode = pam_fail_delay(pamh, 1000000*delay); +- PAM_FAIL_CHECK; +- } +-#endif + + retcode = pam_authenticate (pamh, 0); + +@@ -1073,14 +1061,17 @@ int main (int argc, char **argv) + free (username); + username = NULL; + ++#ifndef USE_PAM + /* + * Wait a while (a la SVR4 /usr/bin/login) before attempting + * to login the user again. If the earlier alarm occurs + * before the sleep() below completes, login will exit. + */ ++ delay = getdef_unum ("FAIL_DELAY", 1); + if (delay > 0) { + (void) sleep (delay); + } ++#endif + + (void) puts (_("Login incorrect")); + diff --git a/shadow.spec b/shadow.spec index f5de466..b0c39d7 100644 --- a/shadow.spec +++ b/shadow.spec @@ -36,6 +36,7 @@ Source23: usermod.pamd Patch0: %{name}-tld.patch # allow names with upper case letters or containing dot in the middle Patch1: %{name}-goodname.patch +Patch2: pam-login-delay.patch URL: https://github.com/shadow-maint/shadow BuildRequires: acl-devel BuildRequires: attr-devel @@ -121,6 +122,7 @@ utilitários e senhas shadow em geral. %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build # NOTE: -- 2.44.0