[Pkg-shadow-commits] r2432 - in upstream/trunk: . src

[nekral-guest at alioth.debian.org]

Author: nekral-guest
Date: 2008-09-20 20:05:22 +0000 (Sat, 20 Sep 2008)
New Revision: 2432

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/src/login.c
Log:
	* src/login.c: Erase the username later since it it used for the
	fake password check (in case of empty password).


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2008-09-20 20:03:04 UTC (rev 2431)
+++ upstream/trunk/ChangeLog	2008-09-20 20:05:22 UTC (rev 2432)
@@ -8,6 +8,8 @@
 	* src/login.c: Make sure a username is specified with -f.
 	* src/login.c: Explicitly tag the end of the #ifdef RLOGIN
 	sections.
+	* src/login.c: Erase the username later since it it used for the
+	fake password check (in case of empty password).
 
 2008-09-20  Nicolas François  <nicolas.francois at centraliens.net>
 

Modified: upstream/trunk/src/login.c
===================================================================
--- upstream/trunk/src/login.c	2008-09-20 20:03:04 UTC (rev 2431)
+++ upstream/trunk/src/login.c	2008-09-20 20:05:22 UTC (rev 2432)
@@ -975,14 +975,13 @@
 			failent.ut_type = USER_PROCESS;
 			failtmp (&failent);
 		}
-		free (username);
-		username = NULL;
 
 		retries--;
 		if (retries <= 0) {
 			SYSLOG ((LOG_CRIT, "REPEATED login failures%s",
 			         fromhost));
 		}
+
 		/*
 		 * If this was a passwordless account and we get here, login
 		 * was denied (securetty, faillog, etc.). There was no
@@ -995,6 +994,13 @@
 		}
 
 		/*
+		 * Authentication of this user failed.
+		 * The username must be confirmed in the next try.
+		 */
+		free (username);
+		username = NULL;
+
+		/*
 		 * Wait a while (a la SVR4 /usr/bin/login) before attempting
 		 * to login the user again. If the earlier alarm occurs
 		 * before the sleep() below completes, login will exit.