| author | Mattias Andrée <maandree@operamail.com> | 2013-11-25 05:05:25 +0100 |
|---|---|---|
| committer | Mattias Andrée <maandree@operamail.com> | 2013-11-25 05:05:25 +0100 |
| commit | 1a0b84e0f346822d930ce2e0b4ffec44a3813bb9 (patch) | |
| tree | 29c233471ae71ee76e45dbd356c84dad7001149e /src/auth | |
| parent | derp (diff) | |
prevent the user from skipping the failure sleep
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to 'src/auth')
| -rw-r--r-- | src/auth/crypt.c | 8 | ||||
| -rw-r--r-- | src/auth/pam.c | 8 |
2 files changed, 16 insertions, 0 deletions
diff --git a/src/auth/crypt.c b/src/auth/crypt.c index 27238e2..325af81 100644 --- a/src/auth/crypt.c +++ b/src/auth/crypt.c @@ -28,6 +28,7 @@ #include <sys/types.h> #include <pwd.h> #include <string.h> +#include <termios.h> #ifdef HAVE_SHADOW #include <shadow.h> #endif @@ -83,6 +84,7 @@ char authenticate_crypt(void) struct passwd* passwd_entry = NULL; char* crypted; char* entered; + struct termios stty; #ifdef HAVE_SHADOW shadow_entry = getspnam(login_username); @@ -115,6 +117,12 @@ char authenticate_crypt(void) if (entered && !strcmp(entered, crypted)) return 0; + /* Clear ISIG (and everything else) to prevent the user + * from skipping the brute force protection sleep. */ + tcgetattr(STDIN_FILENO, &stty); + stty.c_lflag = 0; + tcsetattr(STDIN_FILENO, TCSAFLUSH, &stty); + printf("Incorrect passphrase\n"); sleep(FAILURE_SLEEP); _exit(1); diff --git a/src/auth/pam.c b/src/auth/pam.c index e02aed1..c4f38e9 100644 --- a/src/auth/pam.c +++ b/src/auth/pam.c @@ -20,6 +20,7 @@ #include <unistd.h> #include <signal.h> #include <string.h> +#include <termios.h> #include <security/pam_appl.h> #include <security/pam_misc.h> @@ -214,6 +215,13 @@ char authenticate_pam(void) if (__failed(rc = pam_authenticate(handle, 0))) { + /* Clear ISIG (and everything else) to prevent the user + * from skipping the brute force protection sleep. */ + struct termios stty; + tcgetattr(STDIN_FILENO, &stty); + stty.c_lflag = 0; + tcsetattr(STDIN_FILENO, TCSAFLUSH, &stty); + printf("Incorrect passphrase\n"); pam_end(handle, rc); sleep(FAILURE_SLEEP); |
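Review bot: The return value of `tcgetattr` is ignored in the block added before `printf("Incorrect passphrase\n")` in authenticate_crypt, so if stdin is not a terminal `stty` stays uninitialized and `tcsetattr` is then handed indeterminate input, output, control and c_cc fields. Guard the modification with the call's result: `if (tcgetattr(STDIN_FILENO, &stty) == 0) { stty.c_lflag = 0; tcsetattr(STDIN_FILENO, TCSAFLUSH, &stty); }`. The identical sequence added to authenticate_pam in src/auth/pam.c needs the same guard. The function body starts and ends outside the hunk, so whether stdin is guaranteed to be a tty at this point cannot be confirmed from here.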
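Review bot: Clearing ISIG in the `pam_authenticate` failure branch only stops the terminal driver from turning keyboard input into signals; a signal that reaches the process some other way (a hangup on the line, for instance) can still end the process or cut short `sleep(FAILURE_SLEEP)`, whose return value is not checked. Since this file already includes <signal.h>, blocking signals for the duration of the delay would cover those cases independently of the terminal state: `sigset_t all; sigfillset(&all); sigprocmask(SIG_BLOCK, &all, NULL);` placed before the `printf`. The same consideration applies to the matching block in src/auth/crypt.c, which would also need the <signal.h> include. What runs after the sleep in authenticate_pam lies outside the hunk, so the mask may need restoring there if the function returns rather than exits.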
