From 1a0b84e0f346822d930ce2e0b4ffec44a3813bb9 Mon Sep 17 00:00:00 2001
From: Mattias Andrée <maandree@operamail.com>
Date: Mon, 25 Nov 2013 05:05:25 +0100
Subject: prevent the user from skipping the failure sleep
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <maandree@operamail.com>
---
 src/auth/crypt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/auth/crypt.c')

diff --git a/src/auth/crypt.c b/src/auth/crypt.c
index 27238e2..325af81 100644
--- a/src/auth/crypt.c
+++ b/src/auth/crypt.c
@@ -28,6 +28,7 @@
 #include <sys/types.h>
 #include <pwd.h>
 #include <string.h>
+#include <termios.h>
 #ifdef HAVE_SHADOW
 #include <shadow.h>
 #endif
@@ -83,6 +84,7 @@ char authenticate_crypt(void)
   struct passwd* passwd_entry = NULL;
   char* crypted;
   char* entered;
+  struct termios stty;
   
 #ifdef HAVE_SHADOW
   shadow_entry = getspnam(login_username);
@@ -115,6 +117,12 @@ char authenticate_crypt(void)
   if (entered && !strcmp(entered, crypted))
     return 0;
   
+  /* Clear ISIG (and everything else) to prevent the user
+   * from skipping the brute force protection sleep. */
+  tcgetattr(STDIN_FILENO, &stty);
+  stty.c_lflag = 0;
+  tcsetattr(STDIN_FILENO, TCSAFLUSH, &stty);
+  
   printf("Incorrect passphrase\n");
   sleep(FAILURE_SLEEP);
   _exit(1);
-- 
cgit v1.2.3-70-g09d2