diff options
| author | Karel Zak | 2012-02-10 14:47:59 +0100 |
|---|---|---|
| committer | Karel Zak | 2012-02-10 14:47:59 +0100 |
| commit | fab1f6717e5b90755dd30dd37eceec3d14526ee6 (patch) | |
| tree | b49e4ed2a609a28deab0a5d343bbe890151e9f34 /login-utils/login.c | |
| parent | setsid: add "+" to getopt_long() (diff) | |
| download | kernel-qcow2-util-linux-fab1f6717e5b90755dd30dd37eceec3d14526ee6.tar.gz kernel-qcow2-util-linux-fab1f6717e5b90755dd30dd37eceec3d14526ee6.tar.xz kernel-qcow2-util-linux-fab1f6717e5b90755dd30dd37eceec3d14526ee6.zip | |
login: add LOGIN_RETRIES, cleanup retries check code
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils/login.c')
| -rw-r--r-- | login-utils/login.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/login-utils/login.c b/login-utils/login.c index 80d287d97..84d8b1bdb 100644 --- a/login-utils/login.c +++ b/login-utils/login.c @@ -761,7 +761,7 @@ static pam_handle_t *init_loginpam(struct login_context *cxt) static void loginpam_auth(struct login_context *cxt) { - int rc, failcount = 0, show_unknown; + int rc, failcount = 0, show_unknown, retries; const char *hostname = cxt->hostname ? cxt->hostname : cxt->tty_name ? cxt->tty_name : "<unknown>"; pam_handle_t *pamh = cxt->pamh; @@ -770,17 +770,18 @@ static void loginpam_auth(struct login_context *cxt) loginpam_get_username(pamh, &cxt->username); show_unknown = getlogindefs_bool("LOG_UNKFAIL_ENAB", 0); + retries = getlogindefs_num("LOGIN_RETRIES", LOGIN_MAX_TRIES); /* * There may be better ways to deal with some of these conditions, but * at least this way I don't think we'll be giving away information... * * Perhaps someday we can trust that all PAM modules will pay attention - * to failure count and get rid of MAX_LOGIN_TRIES? + * to failure count and get rid of LOGIN_MAX_TRIES? */ rc = pam_authenticate(pamh, 0); - while ((failcount++ < LOGIN_MAX_TRIES) && + while ((++failcount < retries) && ((rc == PAM_AUTH_ERR) || (rc == PAM_USER_UNKNOWN) || (rc == PAM_CRED_INSUFFICIENT) || |