diff options
author | Karel Zak | 2012-02-10 14:47:59 +0100 |
---|---|---|
committer | Karel Zak | 2012-02-10 14:47:59 +0100 |
commit | fab1f6717e5b90755dd30dd37eceec3d14526ee6 (patch) | |
tree | b49e4ed2a609a28deab0a5d343bbe890151e9f34 /login-utils | |
parent | setsid: add "+" to getopt_long() (diff) | |
download | kernel-qcow2-util-linux-fab1f6717e5b90755dd30dd37eceec3d14526ee6.tar.gz kernel-qcow2-util-linux-fab1f6717e5b90755dd30dd37eceec3d14526ee6.tar.xz kernel-qcow2-util-linux-fab1f6717e5b90755dd30dd37eceec3d14526ee6.zip |
login: add LOGIN_RETRIES, cleanup retries check code
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils')
-rw-r--r-- | login-utils/login.1 | 5 | ||||
-rw-r--r-- | login-utils/login.c | 7 |
2 files changed, 9 insertions, 3 deletions
diff --git a/login-utils/login.1 b/login-utils/login.1 index d5d372d88..26cd951ac 100644 --- a/login-utils/login.1 +++ b/login-utils/login.1 @@ -150,6 +150,11 @@ PAM module. Max time in seconds for login. The default value is 60. .RE .PP +\fBLOGIN_RETRIES\fR (number) +.RS 4 +Maximum number of login retries in case of bad password. +.RE +.PP \fBFAIL_DELAY\fR (number) .RS 4 Delay in seconds before being allowed another three tries after a login diff --git a/login-utils/login.c b/login-utils/login.c index 80d287d97..84d8b1bdb 100644 --- a/login-utils/login.c +++ b/login-utils/login.c @@ -761,7 +761,7 @@ static pam_handle_t *init_loginpam(struct login_context *cxt) static void loginpam_auth(struct login_context *cxt) { - int rc, failcount = 0, show_unknown; + int rc, failcount = 0, show_unknown, retries; const char *hostname = cxt->hostname ? cxt->hostname : cxt->tty_name ? cxt->tty_name : "<unknown>"; pam_handle_t *pamh = cxt->pamh; @@ -770,17 +770,18 @@ static void loginpam_auth(struct login_context *cxt) loginpam_get_username(pamh, &cxt->username); show_unknown = getlogindefs_bool("LOG_UNKFAIL_ENAB", 0); + retries = getlogindefs_num("LOGIN_RETRIES", LOGIN_MAX_TRIES); /* * There may be better ways to deal with some of these conditions, but * at least this way I don't think we'll be giving away information... * * Perhaps someday we can trust that all PAM modules will pay attention - * to failure count and get rid of MAX_LOGIN_TRIES? + * to failure count and get rid of LOGIN_MAX_TRIES? */ rc = pam_authenticate(pamh, 0); - while ((failcount++ < LOGIN_MAX_TRIES) && + while ((++failcount < retries) && ((rc == PAM_AUTH_ERR) || (rc == PAM_USER_UNKNOWN) || (rc == PAM_CRED_INSUFFICIENT) || |