Hello community, here is the log from the commit of package pam-modules for openSUSE:Factory checked in at 2016-04-11 10:27:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam-modules (Old) and /work/SRC/openSUSE:Factory/.pam-modules.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam-modules"
Changes:
--------
--- /work/SRC/openSUSE:Factory/pam-modules/pam-modules.changes 2014-08-20 10:50:45.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.pam-modules.new/pam-modules.changes 2016-04-11 10:27:10.000000000 +0200
@@ -1,0 +2,7 @@
+Tue Mar 15 14:12:43 UTC 2016 - [email protected]
+
+- unix2_chkpwd helper
+ * read delay on failure from login.defs (FAIL_DELAY)
+ * decrease default "password-cracker deterrent" delay to 100ms
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam-modules.spec ++++++
--- /var/tmp/diff_new_pack.2fthQu/_old 2016-04-11 10:27:11.000000000 +0200
+++ /var/tmp/diff_new_pack.2fthQu/_new 2016-04-11 10:27:11.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package pam-modules
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
++++++ unix2_chkpwd.c ++++++
--- /var/tmp/diff_new_pack.2fthQu/_old 2016-04-11 10:27:11.000000000 +0200
+++ /var/tmp/diff_new_pack.2fthQu/_new 2016-04-11 10:27:11.000000000 +0200
@@ -26,6 +26,16 @@
 #include <signal.h>
 #include <fcntl.h>
 #include <ctype.h>
+#include <errno.h>
+
+#define BUFLEN 1024
+#ifndef LOGINDEFS
+#define LOGINDEFS "/etc/login.defs"
+#endif
+#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY"
+#define DEFAULT_FAIL_DELAY_S 10
+
+#define PASSWD_CRACKER_DELAY_MS 100
 enum {
 UNIX_PASSED = 0,
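Review bot: `DEFAULT_FAIL_DELAY_S` is 10, while the `sleep(5)` that this diff removes in main() waited 5 seconds, so a host whose login.defs cannot be opened or has no usable FAIL_DELAY line now waits twice as long after a failed check. The changelog entry mentions only the change to 100 ms, so it is unclear from here whether the new fallback is deliberate. If it is, a comment on the define would record the unit and the fallback role, for example `/* seconds; used when LOGINDEFS is unreadable or has no valid FAIL_DELAY */`.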
@@ -208,6 +218,44 @@
 return access(path, R_OK) == 0;
 }
+static int
+get_system_fail_delay (void)
+{
+ FILE *fs;
+ char buf[BUFLEN];
+ long int delay = -1;
+ char *s;
+ int l;
+
+ fs = fopen(LOGINDEFS, "r");
+ if (NULL == fs) {
+ goto bail_out;
+ }
+
+ while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) {
+ if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) {
+ continue;
+ }
+ s = buf + strspn(buf, " \t");
+ l = strcspn(s, " \t");
+ if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) {
+ continue;
+ }
+ s += l;
+ s += strspn(s, " \t");
+ errno = 0;
+ delay = strtol(s, NULL, 10);
+ if (errno) {
+ delay = -1;
+ }
+ break;
+ }
+ fclose (fs);
+bail_out:
+ delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay;
+ return (int)delay;
+}
+
 int
 main(int argc, char *argv[])
 {
@@ -282,8 +330,8 @@
 result = _authenticate(service, user);
 /* Discourage use of this program as a
 * password cracker */
- usleep(500000);
+ usleep(PASSWD_CRACKER_DELAY_MS * 1000);
 if (result != UNIX_PASSED && uid != 0)
- sleep(5);
+ sleep(get_system_fail_delay());
 return result;
 }
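Review bot: The value read in `get_system_fail_delay()` is accepted without validation. `strtol(s, NULL, 10)` can return 0 with errno untouched when no digits follow the key, so a mistyped value silently becomes a zero-second failure delay instead of the default. A value larger than INT_MAX passes the `delay < 0` test and is then truncated by the `(int)` cast before it reaches `sleep()`. The comparison `strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)` uses the token's length, so a first token that is only a prefix of the key also matches when the key text appears later on the same line. I would pass an end pointer to strtol, keep the default on "no digits", range error or out-of-int values, and require the token length to equal the key length; `INT_MAX` needs `<limits.h>`, which the visible includes do not show.

```c
	while (NULL != fgets(buf, BUFLEN, fs)) {
		char *end;
		long v;

		s = buf + strspn(buf, " \t");
		l = strcspn(s, " \t");
		/* the whole first token must be the key, not a prefix of it */
		if (l != (int)(sizeof(LOGINDEFS_FAIL_DELAY_KEY) - 1) ||
		    strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) {
			continue;
		}
		s += l;
		s += strspn(s, " \t");
		errno = 0;
		v = strtol(s, &end, 10);
		/* keep delay at -1 (default) on no digits, overflow or out-of-range */
		if (end != s && errno == 0 && v >= 0 && v <= INT_MAX) {
			delay = v;
		}
		break;
	}
	/* … unchanged: fclose, bail_out fallback to DEFAULT_FAIL_DELAY_S, return … */
```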
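Review bot: The comment "Discourage use of this program as a password cracker" now sits above a 100 ms pause only, and the longer penalty on the `sleep(get_system_fail_delay())` line is whatever login.defs supplies, which as written can be 0. With that setting a non-root caller pays 100 ms per failed attempt, compared with the 5.5 seconds on the removed lines, and nothing at the call site says so. I would document this where the delay is applied, for example `/* failure penalty for non-root callers: seconds from FAIL_DELAY in login.defs; 0 leaves only the 100 ms pause above */`, and consider whether a minimum should be enforced. main() begins outside this hunk, so any signal or alarm setup that affects these sleeps is not visible here.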
