← Back to branch summary

~ubuntu-branches/ubuntu/raring/shadow/raring-proposed

« back to all changes in this revision

Viewing changes to debian/patches/463_login_delay_obeys_to_PAM

  • Committer: Bazaar Package Importer
  • Author(s): Kees Cook
  • Date: 2009-05-05 09:45:21 UTC
  • mfrom: (1.1.6 upstream)
  • Revision ID: james.westby@ubuntu.com-20090505094521-wpk2wn3q7957tlah
Tags: 1:4.1.3.1-1ubuntu1
* Merge from debian unstable, remaining changes:
  - Ubuntu specific:
    + debian/login.defs: use SHA512 by default for password crypt routine.
  - debian/patches/stdout-encrypted-password.patch: chpasswd can report
    password hashes on stdout (debian bug 505640).
  - debian/login.pam: Enable SELinux support (debian bug 527106).
  - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
* Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
* Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
  upstream.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/463_login_delay_obeys_to_PAM
12
12
--- shadow-4.1.0.orig/src/login.c
13
13
+++ shadow-4.1.0/src/login.c
14
14
@@ -331,7 +331,6 @@
 
15
 #if defined(HAVE_STRFTIME) && !defined(USE_PAM)
15
16
        char ptime[80];
16
17
 #endif
17
 
        int reason = PW_LOGIN;
18
18
-       int delay;
19
19
        int retries;
20
 
        int failed;
21
 
        int flag;
 
20
        bool failed;
 
21
        bool subroot = false;
22
22
@@ -354,6 +353,7 @@
23
23
        char *pam_user;
24
24
        char **ptr_pam_user = &pam_user;
28
28
 #endif
29
29
        /*
30
30
@@ -578,7 +578,6 @@
31
 
                        alarm (timeout);
 
31
        }
32
32
 
33
 
                environ = newenvp;      /* make new environment active */
34
 
-               delay = getdef_num ("FAIL_DELAY", 1);
35
 
                retries = getdef_num ("LOGIN_RETRIES", RETRIES);
 
33
        environ = newenvp;      /* make new environment active */
 
34
-       delay = getdef_num ("FAIL_DELAY", 1);
 
35
        retries = getdef_num ("LOGIN_RETRIES", RETRIES);
36
36
 
37
37
 #ifdef USE_PAM
38
38
@@ -594,17 +593,12 @@
39
39
 
40
 
                /*
41
 
                 * hostname & tty are either set to NULL or their correct values,
42
 
-                * depending on how much we know. We also set PAM's fail delay to
43
 
-                * ours.
44
 
+                * depending on how much we know.
45
 
                 */
46
 
                retcode = pam_set_item (pamh, PAM_RHOST, hostname);
47
 
                PAM_FAIL_CHECK;
48
 
                retcode = pam_set_item (pamh, PAM_TTY, tty);
49
 
                PAM_FAIL_CHECK;
50
 
-#ifdef HAVE_PAM_FAIL_DELAY
51
 
-               retcode = pam_fail_delay (pamh, 1000000 * delay);
52
 
-               PAM_FAIL_CHECK;
53
 
-#endif
54
 
                /* if fflg == 1, then the user has already been authenticated */
55
 
                if (!fflg || (getuid () != 0)) {
56
 
                        int failcount = 0;
57
 
@@ -645,8 +639,6 @@
58
 
                          failed = 0;
59
 
 
60
 
                          failcount++;
61
 
-                         if (delay > 0)
62
 
-                           retcode = pam_fail_delay(pamh, 1000000*delay);
63
 
 
64
 
                          retcode = pam_authenticate (pamh, 0);
65
 
 
66
 
@@ -956,13 +948,16 @@
67
 
                if (pwent.pw_passwd[0] == '\0')
 
40
        /*
 
41
         * hostname & tty are either set to NULL or their correct values,
 
42
-        * depending on how much we know. We also set PAM's fail delay to
 
43
-        * ours.
 
44
+        * depending on how much we know.
 
45
         */
 
46
        retcode = pam_set_item (pamh, PAM_RHOST, hostname);
 
47
        PAM_FAIL_CHECK;
 
48
        retcode = pam_set_item (pamh, PAM_TTY, tty);
 
49
        PAM_FAIL_CHECK;
 
50
-#ifdef HAS_PAM_FAIL_DELAY
 
51
-       retcode = pam_fail_delay (pamh, 1000000 * delay);
 
52
-       PAM_FAIL_CHECK;
 
53
-#endif
 
54
        /* if fflg, then the user has already been authenticated */
 
55
        if (!fflg || (getuid () != 0)) {
 
56
                int failcount = 0;
 
57
@@ -645,12 +639,6 @@
 
58
                        failed = false;
 
59
 
 
60
                        failcount++;
 
61
-#ifdef HAS_PAM_FAIL_DELAY
 
62
-                       if (delay > 0) {
 
63
-                               retcode = pam_fail_delay(pamh, 1000000*delay);
 
64
-                               PAM_FAIL_CHECK;
 
65
-                       }
 
66
-#endif
 
67
 
 
68
                        retcode = pam_authenticate (pamh, 0);
 
69
 
 
70
@@ -956,14 +948,17 @@
68
71
                        pw_auth ("!", username, reason, (char *) 0);
 
72
                }
69
73
 
70
74
+#ifndef USE_PAM
71
75
                /*
74
78
                 * before the sleep() below completes, login will exit.
75
79
                 */
76
80
+               delay = getdef_num ("FAIL_DELAY", 1);
77
 
                if (delay > 0)
 
81
                if (delay > 0) {
78
82
                        sleep (delay);
 
83
                }
79
84
+#endif
80
85
 
81
86
                puts (_("Login incorrect"));