pause for some time on wrong password

us.c

@@ -61,6 +61,7 @@
 #define FLAG_NOLOG 0x4
 #define SESSION_FILE_DIR "/var/run"
 #define SESSION_TIMEOUT (60*5)
+#define FAIL_PAUSE 3
 
 struct env_elem {
 	char *name;
@@ -97,6 +98,17 @@ static int get_config(struct config **, int *);
 
 extern char **environ;
 char *config_file = "/etc/us.conf";
+int tty_fd = STDOUT_FILENO;
+struct termios tio_before = {0};
+
+void int_handler(int signum)
+{
+	(void)signum;
+	if (tio_before.c_iflag || tio_before.c_oflag || tio_before.c_iflag)
+		tcsetattr(tty_fd, TCSANOW, &tio_before);
+	putchar('\n');
+	exit(signum);
+}
 
 int main(int argc, char *argv[])
 {
@@ -106,6 +118,24 @@ int main(int argc, char *argv[])
 	struct user_info t_gr_info = {0}, t_pw_info = {0};
 	int opt, err;
 	int shellflag = 0, envflag = 0, askpass = 0;
+
+	/* Save the terminal setup, don't fail since we don't know if we'll
+	 * need it, save it because some shells don't reset termios upon
+	 * program exit, if we don't reset it after a SIGINT or SIGTERM then
+	 * the controlling terminal will be stuck in no echo */
+	if (tcgetattr(tty_fd, &tio_before) == -1) {
+		tio_before.c_iflag = 0;
+		tio_before.c_oflag = 0;
+		tio_before.c_cflag = 0;
+	}
+	struct sigaction action;
+	memset(&action, 0, sizeof(action));
+	action.sa_handler = int_handler;
+	if (sigaction(SIGINT, &action, NULL) == -1)
+		die("Error setting interrupt handler:");
+	if (sigaction(SIGTERM, &action, NULL) == -1)
+		die("Error setting interrupt handler:");
+	
 	while ((opt = getopt(argc, argv, "Au:g:C:seh")) != -1) {
 		switch (opt) {
 		case 'A':
@@ -487,7 +517,6 @@ static int authenticate(uid_t uid, int ask, int persist)
 	struct passwd *pw = getpwuid(uid);
 	char *hash_p, hash[MAX_HASH];
 	char *p = pw->pw_passwd;
-	int tty_fd = STDOUT_FILENO;
 
 	if (!strcmp(p, "x") || *p == '*' || *p == '!') {
 #if defined(__linux__)
@@ -519,7 +548,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 	int fd = STDIN_FILENO;
 	char *askpass = getenv("US_ASKPASS");
 	char pass[PASS_MAX] = {0};
-	struct termios tio_before, tio_pass;
+	struct termios tio_pass;
 	if (ask && askpass) {
 		pid_t pid, parent = getpid();
 		int pipefd[2];
@@ -592,6 +621,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 	/* Remove password from memory, just to be sure */
 	memset(pass, 0, PASS_MAX);
 	if (strncmp(hash, enc, PASS_MAX)) {
+		sleep(FAIL_PAUSE);
 		printf("Authentication failure\n");
 		setuid(uid);
 		return -1;
@@ -759,9 +789,9 @@ static int get_config(struct config **conf, int *num)
 				break;
 			switch (n) {
 			case 0:
-				if (!strcmp(t, "+"))
+				if (!strcmp(t, "permit"))
 					c.type = 1;
-				else if (!strcmp(t, "-"))
+				else if (!strcmp(t, "deny"))
 					c.type = 0;
 				else
 					die("non valid config line %d", i);

us.conf.5

@@ -13,7 +13,7 @@ configuration file.
 .PP
 The rules have the following format:
 .IP
-.BR "+|\-"
+.BR "permit|deny"
 .BR user
 as
 .BR target
@@ -67,7 +67,7 @@ The following example will allow root to execute commands as itself without
 requiring a password and without logging:
 .PP
 .EX
-+ root as root nopass nolog
+permit root as root nopass nolog
 .EE
 .PP
 This next example allows users in the wheel group to execute commands as
@@ -75,7 +75,7 @@ root including a new environment variable IS_WHEEL set to 'yes' and the variable
 EDITOR will be set to ed, the standard unix editor:
 .PP
 .EX
-+ :wheel as root IS_WHEEL=yes,EDITOR=ed
+permit :wheel as root IS_WHEEL=yes,EDITOR=ed
 .EE
 .PP
 In this example the user maria is allowed to execute commands as a member of
@@ -83,14 +83,14 @@ the group wheel and the session is remembered so that in the next five
 minutes the password won't be needed:
 .PP
 .EX
-+ maria as :wheel persist
+permit maria as :wheel persist
 .EE
 .PP
 This time the user joe is denied to execute commands as anyone who's member of
 the group 'coolppl' because joe is uncool
 .PP
 .EX
-- joe as :coolppl
+deny joe as :coolppl
 .EE
 
 .SH LIMITATIONS