[Pkg-shadow-commits] r2434 - in upstream/trunk: . src

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Sat Sep 20 21:17:28 UTC 2008


Author: nekral-guest
Date: 2008-09-20 21:17:26 +0000 (Sat, 20 Sep 2008)
New Revision: 2434

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/src/login.c
Log:
	* src/login.c: Always check the return value of the pam_* APIs.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2008-09-20 20:20:19 UTC (rev 2433)
+++ upstream/trunk/ChangeLog	2008-09-20 21:17:26 UTC (rev 2434)
@@ -1,5 +1,9 @@
 2008-09-20  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* src/login.c: Always check the return value of the pam_* APIs.
+
+2008-09-20  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* src/login.c: Use a dynamic buffer for usernames.
 	* src/login.c: Copy the name of the user authenticated by PAM to
 	username. This simplify later logging (avoid USE_PAM

Modified: upstream/trunk/src/login.c
===================================================================
--- upstream/trunk/src/login.c	2008-09-20 20:20:19 UTC (rev 2433)
+++ upstream/trunk/src/login.c	2008-09-20 21:17:26 UTC (rev 2434)
@@ -668,9 +668,11 @@
 
 		/* if we didn't get a user on the command line,
 		   set it to NULL */
-		pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
+		retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
+		PAM_FAIL_CHECK;
 		if (pam_user[0] == '\0') {
-			pam_set_item (pamh, PAM_USER, NULL);
+			retcode = pam_set_item (pamh, PAM_USER, NULL);
+			PAM_FAIL_CHECK;
 		}
 
 		/*
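Review bot: `pam_user[0]` is read right after the new PAM_FAIL_CHECK without a NULL test, while the second hunk guards the same pointer with `(NULL != pam_user) && ('\0' != pam_user[0])`. A successful pam_get_item can still leave the PAM_USER item NULL when no user has been set, so checking the return code alone does not make the dereference safe; `if ((NULL != pam_user) && ('\0' == pam_user[0])) {` would keep the two sites consistent. The same concern applies after the pam_get_item in the last hunk, where the code that consumes pam_user lies outside the visible lines. The enclosing function starts and ends outside these hunks.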
@@ -690,13 +692,19 @@
 #ifdef HAS_PAM_FAIL_DELAY
 			if (delay > 0) {
 				retcode = pam_fail_delay(pamh, 1000000*delay);
+				PAM_FAIL_CHECK;
 			}
 #endif
 
 			retcode = pam_authenticate (pamh, 0);
 
-			pam_get_item (pamh, PAM_USER,
-			              (const void **) ptr_pam_user);
+			{
+				int saved_retcode = retcode;
+				retcode = pam_get_item (pamh, PAM_USER,
+				                        (const void **) ptr_pam_user);
+				PAM_FAIL_CHECK;
+				retcode = saved_retcode;
+			}
 
 			if ((NULL != pam_user) && ('\0' != pam_user[0])) {
 				pwd = xgetpwnam(pam_user);
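Review bot: The `saved_retcode` block needs a comment saying why the pam_authenticate result is stashed and restored, because PAM_FAIL_CHECK evidently tests `retcode` implicitly and nothing here tells the reader so; something like `/* PAM_FAIL_CHECK reads retcode: keep the pam_authenticate result for the checks below */`. If the macro terminates the process on failure (its definition is outside this hunk), a pam_get_item error after a failed pam_authenticate would exit before any failure logging further down runs. It is worth confirming that the failed attempt is still recorded on that path. The loop body continues past the hunk.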
@@ -759,8 +767,13 @@
 
 			fprintf (stderr, "\nLogin incorrect\n");
 
-			/* Let's give it another go around */
-			pam_set_item (pamh, PAM_USER, NULL);
+			/*
+			 * Let's give it another go around.
+			 * Even if a username was given on the command
+			 * line, prompt again for the username.
+			 */
+			retcode = pam_set_item (pamh, PAM_USER, NULL);
+			PAM_FAIL_CHECK;
 		}
 
 		/* We don't get here unless they were authenticated above */
@@ -778,6 +791,7 @@
 	   First get the username that we are actually using, though.
 	 */
 	retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
+	PAM_FAIL_CHECK;
 	if (NULL != username) {
 		free (username);
 	}



