98N/AFrom 504bb1aee60d570d8676a61acbe32c66d6069c45 Mon Sep 17 00:00:00 2001
98N/AFrom: Dmitry V. Levin <ldv@altlinux.org>
1246N/ADate: Tue, 12 Jan 2010 14:38:33 +0000
98N/ASubject: [PATCH:xdm] greeter: fix logging of failed login attempts
919N/AWhen PAM rejects a login attempt, the "username" variable remains
919N/Auninitialized, which results to garbage being syslogged instead of
919N/Alogin name. Explicit initialization helps to avoid this issue.
919N/ASigned-off-by: Dmitry V. Levin <ldv@altlinux.org>
919N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
919N/A 1 files changed, 1 insertions(+), 1 deletions(-)
919N/A@@ -500,7 +500,7 @@ greet_user_rtn GreetUser(
98N/A struct myconv_data pcd = { d, greet, NULL };
98N/A struct pam_conv pc = { pamconv, &pcd };
98N/A const char * pam_fname;
810N/A+ char * username = NULL;
810N/A const char * login_prompt;
354N/AFrom afc752d1c483e77de9aa3cb9532a67d95fd27dd9 Mon Sep 17 00:00:00 2001
354N/AFrom: Alan Coopersmith <alan.coopersmith@sun.com>
354N/ADate: Tue, 16 Mar 2010 11:23:30 -0700
354N/ASubject: [PATCH:xdm] Make sure username is not NULL when calling syslog from FailedLogin()
810N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
354N/A 1 files changed, 6 insertions(+), 1 deletions(-)
810N/Aindex 7f235ef..1afe2f1 100644
810N/A@@ -410,9 +410,14 @@ static void
1029N/A FailedLogin (struct display *d, struct greet_info *greet)
1123N/A+ const char *username = greet->name;
810N/A+ username = "username unavailable";
810N/A syslog(LOG_AUTHPRIV|LOG_NOTICE,
810N/A- d->name, greet->name);
810N/AFrom e7986c0bc2ce191ddf27b385585454e946838805 Mon Sep 17 00:00:00 2001
851N/AFrom: Alan Coopersmith <alan.coopersmith@oracle.com>
810N/ADate: Thu, 2 Jun 2011 21:39:16 -0700
810N/ASubject: [PATCH:xdm] Stop using username retrieved from PAM before pam_end frees it.
810N/AThe first time a failed login message was syslogged it had the right
810N/Ausername, but subsequent ones kept reusing that pointer, even though
810N/APAM had freed it and it may have been reused and filled with something
851N/Aelse, resulting in garbage user names for the later login failures.
851N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
810N/A 1 files changed, 4 insertions(+), 0 deletions(-)
810N/Aindex 5182650..8426a65 100644
1246N/A@@ -615,6 +615,10 @@ greet_user_rtn GreetUser(
851N/A FailedLogin (d, greet);
851N/A+ if (greet->name == username) {
851N/A+ /* pam_end frees the value returned by pam_get_item */
98N/A RUN_AND_CHECK_PAM_ERROR(pam_end,