fixed auth tries

open and close the pam context between each authentication attempt to prevent
errors with consecutive authentications, this is a hack but I don't know a
better way.
noproxy
Alessandro Mauri 4 years ago
parent c21ca28ae9
commit 6c929ad26d
  1. 19
      us.c

19
us.c

@ -272,24 +272,29 @@ static int authenticate (const char *uname)
{ {
pam_handle_t *pamh; pam_handle_t *pamh;
int pam_err, count = 0; int pam_err, count = 0;
do {
pam_err = pam_start("User Switcher", uname, &conv, &pamh); pam_err = pam_start("User Switcher", uname, &conv, &pamh);
if (pam_err != PAM_SUCCESS) { if (pam_err != PAM_SUCCESS) {
fprintf(stderr, "pam_start: %s\n", pam_strerror(pamh, pam_err)); fprintf(stderr, "pam_start: %s\n", pam_strerror(pamh, pam_err));
return pam_err; return pam_err;
} }
do {
pam_err = pam_authenticate(pamh, 0); pam_err = pam_authenticate(pamh, 0);
if (pam_err != PAM_SUCCESS) if (pam_err == PAM_SUCCESS) {
pam_err = pam_acct_mgmt(pamh, 0);
}
if (pam_err != PAM_SUCCESS) {
printf("Auth failed: %s\n", pam_strerror(pamh, pam_err)); printf("Auth failed: %s\n", pam_strerror(pamh, pam_err));
// FIXME: count gets ignored because authentication service has pam_end(pamh, pam_err);
// a set amount of retries giving an error: }
// Have exhausted maximum number of retries for service
count++; count++;
} while (pam_err != PAM_SUCCESS && count < 4); } while (pam_err != PAM_SUCCESS && count < 3);
if (pam_err != PAM_SUCCESS) { if (pam_err != PAM_SUCCESS) {
fprintf(stderr, "better luck next time\n"); fprintf(stderr, "better luck next time\n");
pam_end(pamh, pam_err);
return pam_err; return pam_err;
} }
// FIXME: check again for the validity of the login for more security // FIXME: check again for the validity of the login for more security

Loading…
Cancel
Save