diff options
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | libpam/pam_delay.c | 15 |
2 files changed, 15 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac index 7721ae20..44b37f5f 100644 --- a/configure.ac +++ b/configure.ac @@ -638,7 +638,7 @@ AC_CHECK_FUNCS(explicit_bzero memset_explicit) AC_CHECK_FUNCS([ruserok_af ruserok], [break]) AC_CHECK_FUNCS(close_range) -dnl For module/pam_timestamp +dnl For libpam/pam_delay and modules/pam_timestamp AC_CHECK_HEADERS([sys/random.h]) dnl May require libbsd/libSystem on non-Linux platforms AC_CHECK_FUNCS(getrandom) diff --git a/libpam/pam_delay.c b/libpam/pam_delay.c index 67b7d73b..357ae276 100644 --- a/libpam/pam_delay.c +++ b/libpam/pam_delay.c @@ -18,6 +18,10 @@ #include <unistd.h> #include <time.h> +#ifdef HAVE_SYS_RANDOM_H +#include <sys/random.h> +#endif + /* ********************************************************************** * initialize the time as unset, this is set on the return from the * authenticating pair of the libpam pam_XXX calls. @@ -52,11 +56,20 @@ void _pam_start_timer(pam_handle_t *pamh) * in C'. It is *not* a cryptographically strong generator, but it is * probably "good enough" for our purposes here. * - * /dev/random might be a better place to look for some numbers... + * If getrandom is available, retrieve random number from there. */ static unsigned int _pam_rand(unsigned int seed) { +#ifdef HAVE_GETRANDOM + unsigned int value; + + if (getrandom(&value, sizeof(value), GRND_NONBLOCK) == + (ssize_t) sizeof(value)) { + return value; + } +#endif + #define N1 1664525 #define N2 1013904223 return N1*seed + N2; |