- Test for pam_fail_delay() function in configure

- Recognise "username:" as a PAM prompt - Add some randomness to the auth-failure delay - Fix wrongly committed options.h/debug.h --HG-- extra : convert_revision : f242f0e66fb0ea5d3b374995d2f548d37dd8f3a3
author: Matt Johnston <matt@ucc.asn.au> 2009-09-08 14:53:53 +0000
committer: Matt Johnston <matt@ucc.asn.au> 2009-09-08 14:53:53 +0000
commit: 52551cb771e8cd1ba3b5eb137fc43b61bd35cd79 (patch)
tree: 98f548742f415989b50335bac93e46126a5777cf /svr-auth.c
parent: 4dfb834f7cd153cd90904c36dca314f5516beca2 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/svr-auth.c b/svr-auth.c
index 5da0aa7..9e468fa 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -33,6 +33,7 @@
 #include "packet.h"
 #include "auth.h"
 #include "runopts.h"
+#include "random.h"
 
 static void authclear();
 static int checkusername(unsigned char *username, unsigned int userlen);
@@ -337,7 +338,12 @@ void send_msg_userauth_failure(int partial, int incrfail) {
 	encrypt_packet();
 
 	if (incrfail) {
-		usleep(300000); /* XXX improve this */
+		unsigned int delay;
+		genrandom((unsigned char*)&delay, sizeof(delay));
+		/* We delay for 300ms +- 50ms, 0.1ms granularity */
+		delay = 250000 + (delay % 1000)*100;
+		usleep(delay);
+		dropbear_log(LOG_INFO, "delay is %d", delay);
 		ses.authstate.failcount++;
 	}
author	Matt Johnston <matt@ucc.asn.au>	2009-09-08 14:53:53 +0000
committer	Matt Johnston <matt@ucc.asn.au>	2009-09-08 14:53:53 +0000
commit	52551cb771e8cd1ba3b5eb137fc43b61bd35cd79 (patch)
tree	98f548742f415989b50335bac93e46126a5777cf /svr-auth.c
parent	4dfb834f7cd153cd90904c36dca314f5516beca2 (diff)