[Pkg-shadow-commits] r2432 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sat Sep 20 20:05:24 UTC 2008
Author: nekral-guest
Date: 2008-09-20 20:05:22 +0000 (Sat, 20 Sep 2008)
New Revision: 2432
Modified:
upstream/trunk/ChangeLog
upstream/trunk/src/login.c
Log:
* src/login.c: Erase the username later since it it used for the
fake password check (in case of empty password).
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2008-09-20 20:03:04 UTC (rev 2431)
+++ upstream/trunk/ChangeLog 2008-09-20 20:05:22 UTC (rev 2432)
@@ -8,6 +8,8 @@
* src/login.c: Make sure a username is specified with -f.
* src/login.c: Explicitly tag the end of the #ifdef RLOGIN
sections.
+ * src/login.c: Erase the username later since it it used for the
+ fake password check (in case of empty password).
2008-09-20 Nicolas François <nicolas.francois at centraliens.net>
Modified: upstream/trunk/src/login.c
===================================================================
--- upstream/trunk/src/login.c 2008-09-20 20:03:04 UTC (rev 2431)
+++ upstream/trunk/src/login.c 2008-09-20 20:05:22 UTC (rev 2432)
@@ -975,14 +975,13 @@
failent.ut_type = USER_PROCESS;
failtmp (&failent);
}
- free (username);
- username = NULL;
retries--;
if (retries <= 0) {
SYSLOG ((LOG_CRIT, "REPEATED login failures%s",
fromhost));
}
+
/*
* If this was a passwordless account and we get here, login
* was denied (securetty, faillog, etc.). There was no
@@ -995,6 +994,13 @@
}
/*
+ * Authentication of this user failed.
+ * The username must be confirmed in the next try.
+ */
+ free (username);
+ username = NULL;
+
+ /*
* Wait a while (a la SVR4 /usr/bin/login) before attempting
* to login the user again. If the earlier alarm occurs
* before the sleep() below completes, login will exit.
More information about the Pkg-shadow-commits
mailing list