1141N/AFrom 504bb1aee60d570d8676a61acbe32c66d6069c45 Mon Sep 17 00:00:00 2001
1141N/AFrom: Dmitry V. Levin <ldv@altlinux.org>
1141N/ADate: Tue, 12 Jan 2010 14:38:33 +0000
1141N/ASubject: [PATCH:xdm] greeter: fix logging of failed login attempts
1141N/A
1141N/AWhen PAM rejects a login attempt, the "username" variable remains
1141N/Auninitialized, which results to garbage being syslogged instead of
1141N/Alogin name. Explicit initialization helps to avoid this issue.
1141N/A
1141N/AFixes FreeDesktop Bug #26015 <https://bugs.freedesktop.org/show_bug.cgi?id=26015>
1141N/A
1141N/ASigned-off-by: Dmitry V. Levin <ldv@altlinux.org>
1141N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
1141N/A---
1141N/A greeter/greet.c | 2 +-
1141N/A 1 files changed, 1 insertions(+), 1 deletions(-)
1141N/A
1141N/Adiff --git a/greeter/greet.c b/greeter/greet.c
1141N/Aindex 61c7a52..f4c972b 100644
1141N/A--- a/greeter/greet.c
1141N/A+++ b/greeter/greet.c
1141N/A@@ -500,7 +500,7 @@ greet_user_rtn GreetUser(
1141N/A struct myconv_data pcd = { d, greet, NULL };
1141N/A struct pam_conv pc = { pamconv, &pcd };
1141N/A const char * pam_fname;
1141N/A- char * username;
1141N/A+ char * username = NULL;
1141N/A const char * login_prompt;
1141N/A
1141N/A
1141N/A
1141N/A--
1141N/A1.7.3.2
1141N/A
1141N/AFrom afc752d1c483e77de9aa3cb9532a67d95fd27dd9 Mon Sep 17 00:00:00 2001
1141N/AFrom: Alan Coopersmith <alan.coopersmith@sun.com>
1141N/ADate: Tue, 16 Mar 2010 11:23:30 -0700
1141N/ASubject: [PATCH:xdm] Make sure username is not NULL when calling syslog from FailedLogin()
1141N/A
1141N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
1141N/A---
1141N/A greeter/greet.c | 7 ++++++-
1141N/A 1 files changed, 6 insertions(+), 1 deletions(-)
1141N/A
1141N/Adiff --git a/greeter/greet.c b/greeter/greet.c
1141N/Aindex 7f235ef..1afe2f1 100644
1141N/A--- a/greeter/greet.c
1141N/A+++ b/greeter/greet.c
1141N/A@@ -410,9 +410,14 @@ static void
1141N/A FailedLogin (struct display *d, struct greet_info *greet)
1141N/A {
1141N/A #ifdef USE_SYSLOG
1141N/A+ const char *username = greet->name;
1141N/A+
1141N/A+ if (username == NULL)
1141N/A+ username = "username unavailable";
1141N/A+
1141N/A syslog(LOG_AUTHPRIV|LOG_NOTICE,
1141N/A "LOGIN FAILURE ON %s, %s",
1141N/A- d->name, greet->name);
1141N/A+ d->name, username);
1141N/A #endif
1141N/A DrawFail (login);
1141N/A #ifndef USE_PAM
1141N/A--
1141N/A1.7.3.2
1141N/A
1141N/A
1141N/AFrom e7986c0bc2ce191ddf27b385585454e946838805 Mon Sep 17 00:00:00 2001
1141N/AFrom: Alan Coopersmith <alan.coopersmith@oracle.com>
1141N/ADate: Thu, 2 Jun 2011 21:39:16 -0700
1141N/ASubject: [PATCH:xdm] Stop using username retrieved from PAM before pam_end frees it.
1141N/A
1141N/AThe first time a failed login message was syslogged it had the right
1141N/Ausername, but subsequent ones kept reusing that pointer, even though
1141N/APAM had freed it and it may have been reused and filled with something
1141N/Aelse, resulting in garbage user names for the later login failures.
1141N/A
1141N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
1141N/A---
1141N/A greeter/greet.c | 4 ++++
1141N/A 1 files changed, 4 insertions(+), 0 deletions(-)
1141N/A
1141N/Adiff --git a/greeter/greet.c b/greeter/greet.c
1141N/Aindex 5182650..8426a65 100644
1141N/A--- a/greeter/greet.c
1141N/A+++ b/greeter/greet.c
1141N/A@@ -615,6 +615,10 @@ greet_user_rtn GreetUser(
1141N/A greet->name = username;
1141N/A }
1141N/A FailedLogin (d, greet);
1141N/A+ if (greet->name == username) {
1141N/A+ /* pam_end frees the value returned by pam_get_item */
1141N/A+ greet->name = NULL;
1141N/A+ }
1141N/A RUN_AND_CHECK_PAM_ERROR(pam_end,
1141N/A (*pamhp, pam_error));
1141N/A }
1141N/A--
1141N/A1.7.3.2
1141N/A