From 52551cb771e8cd1ba3b5eb137fc43b61bd35cd79 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 8 Sep 2009 14:53:53 +0000
Subject: - Test for pam_fail_delay() function in configure - Recognise
 "username:" as a PAM prompt - Add some randomness to the auth-failure delay -
 Fix wrongly committed options.h/debug.h

--HG--
extra : convert_revision : f242f0e66fb0ea5d3b374995d2f548d37dd8f3a3
---
 svr-auth.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'svr-auth.c')

diff --git a/svr-auth.c b/svr-auth.c
index 5da0aa7..9e468fa 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -33,6 +33,7 @@
 #include "packet.h"
 #include "auth.h"
 #include "runopts.h"
+#include "random.h"
 
 static void authclear();
 static int checkusername(unsigned char *username, unsigned int userlen);
@@ -337,7 +338,12 @@ void send_msg_userauth_failure(int partial, int incrfail) {
 	encrypt_packet();
 
 	if (incrfail) {
-		usleep(300000); /* XXX improve this */
+		unsigned int delay;
+		genrandom((unsigned char*)&delay, sizeof(delay));
+		/* We delay for 300ms +- 50ms, 0.1ms granularity */
+		delay = 250000 + (delay % 1000)*100;
+		usleep(delay);
+		dropbear_log(LOG_INFO, "delay is %d", delay);
 		ses.authstate.failcount++;
 	}
 
-- 
cgit v1.2.3