Browse Source

fixed auth tries

open and close the pam context between each authentication attempt to prevent
errors with consecutive authentications, this is a hack but I don't know a
better way.
noproxy
Alessandro Mauri 4 months ago
parent
commit
6c929ad26d
1 changed files with 16 additions and 11 deletions
  1. +16
    -11
      us.c

+ 16
- 11
us.c View File

@ -272,24 +272,29 @@ static int authenticate (const char *uname)
{
pam_handle_t *pamh;
int pam_err, count = 0;
pam_err = pam_start("User Switcher", uname, &conv, &pamh);
if (pam_err != PAM_SUCCESS) {
fprintf(stderr, "pam_start: %s\n", pam_strerror(pamh, pam_err));
return pam_err;
}
do {
pam_err = pam_start("User Switcher", uname, &conv, &pamh);
if (pam_err != PAM_SUCCESS) {
fprintf(stderr, "pam_start: %s\n", pam_strerror(pamh, pam_err));
return pam_err;
}
pam_err = pam_authenticate(pamh, 0);
if (pam_err != PAM_SUCCESS)
if (pam_err == PAM_SUCCESS) {
pam_err = pam_acct_mgmt(pamh, 0);
}
if (pam_err != PAM_SUCCESS) {
printf("Auth failed: %s\n", pam_strerror(pamh, pam_err));
// FIXME: count gets ignored because authentication service has
// a set amount of retries giving an error:
// Have exhausted maximum number of retries for service
pam_end(pamh, pam_err);
}
count++;
} while (pam_err != PAM_SUCCESS && count < 4);
} while (pam_err != PAM_SUCCESS && count < 3);
if (pam_err != PAM_SUCCESS) {
fprintf(stderr, "better luck next time\n");
pam_end(pamh, pam_err);
return pam_err;
}
// FIXME: check again for the validity of the login for more security


Loading…
Cancel
Save