vlock: introduce short delays after non-fatal PAM errors
authorDmitry V. Levin <ldv@altlinux.org>
Sun, 24 Nov 2013 21:48:36 +0000 (01:48 +0400)
committerAlexey Gladkov <gladkov.alexey@gmail.com>
Mon, 25 Nov 2013 17:49:23 +0000 (21:49 +0400)
Add a short delay after PAM errors like PAM_AUTH_ERR that are likely
to be non-fatal, so that in case when they are fatal, there would be
a delay between continuous attempts that are doomed to fail.

For example, fatal PAM configuration errors like an unreadable
/etc/pam.d/vlock file usually result in an immediate PAM_AUTH_ERR,
the same error as is returned by the more likely authentication error
due to an incorrect password.

src/vlock/auth.c

index 76945c0..da135ce 100644 (file)
@@ -35,6 +35,8 @@
 
 /* Delay after fatal PAM errors, in seconds. */
 #define        LONG_DELAY      10
+/* Delay after other PAM errors, in seconds. */
+#define        SHORT_DELAY     1
 
 static int
 do_account_password_management (pam_handle_t *pamh)
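Review bot: The new comment on `SHORT_DELAY` says only "other PAM errors", which does not tell a reader why the constant exists or which errors it is meant for. Consider `/* Delay after PAM errors that are likely non-fatal (e.g. PAM_AUTH_ERR), in seconds; throttles retries when the error is in fact persistent. */`, which carries the rationale from the commit message into the source.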
@@ -117,6 +119,7 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty)
                                        fflush (stdout);
                                        pam_end (pamh, rc);
                                        pamh = 0;
+                                       sleep (SHORT_DELAY);
                                        break;
                                }
 
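Review bot: The `sleep (SHORT_DELAY)` added here after `pam_end`, like the ones in the "Ignore error" branch of the next hunk and the `default:` case of the last hunk, discards the return value, and sleep() returns early with the unslept seconds when a signal handler runs. This delay is what spaces out repeated unlock attempts, so it should not be possible to cut it short. If vlock does not already block or ignore signals at this point (not visible in these hunks), loop on the remainder, e.g. `for (left = SHORT_DELAY; left; left = sleep (left));` with `unsigned int left`, ideally in one small helper that the `LONG_DELAY` path can share. get_password's body starts and ends outside this hunk.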
@@ -135,7 +138,7 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty)
                                if (is_vt || isatty (STDIN_FILENO))
                                {
                                        /* Ignore error. */
-                                       sleep (1);
+                                       sleep (SHORT_DELAY);
                                        break;
                                }
 
@@ -162,6 +165,7 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty)
                        default:
                                printf ("%s.\n\n\n", pam_strerror (pamh, rc));
                                fflush (stdout);
+                               sleep (SHORT_DELAY);
                }
        }
 }
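Review bot: The `default:` case now ends on `sleep (SHORT_DELAY);` with no `break;`, unlike the other branches visible in this commit. That is harmless while `default:` remains the last label, but adding `break;` after the sleep keeps a case appended later from being reached by fall-through after an error message and delay. The switch and get_password begin outside this hunk.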