* src/login.c: Always check the return value of the pam_* APIs.

This commit is contained in:
nekral-guest 2008-09-20 21:17:26 +00:00
parent d400af51fa
commit 4d49f543dd
2 changed files with 24 additions and 6 deletions

View File

@ -1,3 +1,7 @@
2008-09-20 Nicolas François <nicolas.francois@centraliens.net>
* src/login.c: Always check the return value of the pam_* APIs.
2008-09-20 Nicolas François <nicolas.francois@centraliens.net> 2008-09-20 Nicolas François <nicolas.francois@centraliens.net>
* src/login.c: Use a dynamic buffer for usernames. * src/login.c: Use a dynamic buffer for usernames.

View File

@ -668,9 +668,11 @@ int main (int argc, char **argv)
/* if we didn't get a user on the command line, /* if we didn't get a user on the command line,
set it to NULL */ set it to NULL */
pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user); retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
PAM_FAIL_CHECK;
if (pam_user[0] == '\0') { if (pam_user[0] == '\0') {
pam_set_item (pamh, PAM_USER, NULL); retcode = pam_set_item (pamh, PAM_USER, NULL);
PAM_FAIL_CHECK;
} }
/* /*
@ -690,13 +692,19 @@ int main (int argc, char **argv)
#ifdef HAS_PAM_FAIL_DELAY #ifdef HAS_PAM_FAIL_DELAY
if (delay > 0) { if (delay > 0) {
retcode = pam_fail_delay(pamh, 1000000*delay); retcode = pam_fail_delay(pamh, 1000000*delay);
PAM_FAIL_CHECK;
} }
#endif #endif
retcode = pam_authenticate (pamh, 0); retcode = pam_authenticate (pamh, 0);
pam_get_item (pamh, PAM_USER, {
int saved_retcode = retcode;
retcode = pam_get_item (pamh, PAM_USER,
(const void **) ptr_pam_user); (const void **) ptr_pam_user);
PAM_FAIL_CHECK;
retcode = saved_retcode;
}
if ((NULL != pam_user) && ('\0' != pam_user[0])) { if ((NULL != pam_user) && ('\0' != pam_user[0])) {
pwd = xgetpwnam(pam_user); pwd = xgetpwnam(pam_user);
@ -759,8 +767,13 @@ int main (int argc, char **argv)
fprintf (stderr, "\nLogin incorrect\n"); fprintf (stderr, "\nLogin incorrect\n");
/* Let's give it another go around */ /*
pam_set_item (pamh, PAM_USER, NULL); * Let's give it another go around.
* Even if a username was given on the command
* line, prompt again for the username.
*/
retcode = pam_set_item (pamh, PAM_USER, NULL);
PAM_FAIL_CHECK;
} }
/* We don't get here unless they were authenticated above */ /* We don't get here unless they were authenticated above */
@ -778,6 +791,7 @@ int main (int argc, char **argv)
First get the username that we are actually using, though. First get the username that we are actually using, though.
*/ */
retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user); retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
PAM_FAIL_CHECK;
if (NULL != username) { if (NULL != username) {
free (username); free (username);
} }