* src/login.c: Always check the return value of the pam_* APIs.
This commit is contained in:
parent
d400af51fa
commit
4d49f543dd
@ -1,3 +1,7 @@
|
||||
2008-09-20 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/login.c: Always check the return value of the pam_* APIs.
|
||||
|
||||
2008-09-20 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/login.c: Use a dynamic buffer for usernames.
|
||||
|
24
src/login.c
24
src/login.c
@ -668,9 +668,11 @@ int main (int argc, char **argv)
|
||||
|
||||
/* if we didn't get a user on the command line,
|
||||
set it to NULL */
|
||||
pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
|
||||
retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
|
||||
PAM_FAIL_CHECK;
|
||||
if (pam_user[0] == '\0') {
|
||||
pam_set_item (pamh, PAM_USER, NULL);
|
||||
retcode = pam_set_item (pamh, PAM_USER, NULL);
|
||||
PAM_FAIL_CHECK;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -690,13 +692,19 @@ int main (int argc, char **argv)
|
||||
#ifdef HAS_PAM_FAIL_DELAY
|
||||
if (delay > 0) {
|
||||
retcode = pam_fail_delay(pamh, 1000000*delay);
|
||||
PAM_FAIL_CHECK;
|
||||
}
|
||||
#endif
|
||||
|
||||
retcode = pam_authenticate (pamh, 0);
|
||||
|
||||
pam_get_item (pamh, PAM_USER,
|
||||
{
|
||||
int saved_retcode = retcode;
|
||||
retcode = pam_get_item (pamh, PAM_USER,
|
||||
(const void **) ptr_pam_user);
|
||||
PAM_FAIL_CHECK;
|
||||
retcode = saved_retcode;
|
||||
}
|
||||
|
||||
if ((NULL != pam_user) && ('\0' != pam_user[0])) {
|
||||
pwd = xgetpwnam(pam_user);
|
||||
@ -759,8 +767,13 @@ int main (int argc, char **argv)
|
||||
|
||||
fprintf (stderr, "\nLogin incorrect\n");
|
||||
|
||||
/* Let's give it another go around */
|
||||
pam_set_item (pamh, PAM_USER, NULL);
|
||||
/*
|
||||
* Let's give it another go around.
|
||||
* Even if a username was given on the command
|
||||
* line, prompt again for the username.
|
||||
*/
|
||||
retcode = pam_set_item (pamh, PAM_USER, NULL);
|
||||
PAM_FAIL_CHECK;
|
||||
}
|
||||
|
||||
/* We don't get here unless they were authenticated above */
|
||||
@ -778,6 +791,7 @@ int main (int argc, char **argv)
|
||||
First get the username that we are actually using, though.
|
||||
*/
|
||||
retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
|
||||
PAM_FAIL_CHECK;
|
||||
if (NULL != username) {
|
||||
free (username);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user