From 4d49f543ddb95d5e95b3e6c9adc2f937b4a04710 Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Sat, 20 Sep 2008 21:17:26 +0000
Subject: [PATCH] 	* src/login.c: Always check the return value of the
 pam_* APIs.

---
 ChangeLog   |  4 ++++
 src/login.c | 26 ++++++++++++++++++++------
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8cd81110..f0b4a8d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2008-09-20  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* src/login.c: Always check the return value of the pam_* APIs.
+
 2008-09-20  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* src/login.c: Use a dynamic buffer for usernames.
diff --git a/src/login.c b/src/login.c
index 2b4d8482..5cde73ab 100644
--- a/src/login.c
+++ b/src/login.c
@@ -668,9 +668,11 @@ int main (int argc, char **argv)
 
 		/* if we didn't get a user on the command line,
 		   set it to NULL */
-		pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
+		retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
+		PAM_FAIL_CHECK;
 		if (pam_user[0] == '\0') {
-			pam_set_item (pamh, PAM_USER, NULL);
+			retcode = pam_set_item (pamh, PAM_USER, NULL);
+			PAM_FAIL_CHECK;
 		}
 
 		/*
@@ -690,13 +692,19 @@ int main (int argc, char **argv)
 #ifdef HAS_PAM_FAIL_DELAY
 			if (delay > 0) {
 				retcode = pam_fail_delay(pamh, 1000000*delay);
+				PAM_FAIL_CHECK;
 			}
 #endif
 
 			retcode = pam_authenticate (pamh, 0);
 
-			pam_get_item (pamh, PAM_USER,
-			              (const void **) ptr_pam_user);
+			{
+				int saved_retcode = retcode;
+				retcode = pam_get_item (pamh, PAM_USER,
+				                        (const void **) ptr_pam_user);
+				PAM_FAIL_CHECK;
+				retcode = saved_retcode;
+			}
 
 			if ((NULL != pam_user) && ('\0' != pam_user[0])) {
 				pwd = xgetpwnam(pam_user);
@@ -759,8 +767,13 @@ int main (int argc, char **argv)
 
 			fprintf (stderr, "\nLogin incorrect\n");
 
-			/* Let's give it another go around */
-			pam_set_item (pamh, PAM_USER, NULL);
+			/*
+			 * Let's give it another go around.
+			 * Even if a username was given on the command
+			 * line, prompt again for the username.
+			 */
+			retcode = pam_set_item (pamh, PAM_USER, NULL);
+			PAM_FAIL_CHECK;
 		}
 
 		/* We don't get here unless they were authenticated above */
@@ -778,6 +791,7 @@ int main (int argc, char **argv)
 	   First get the username that we are actually using, though.
 	 */
 	retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
+	PAM_FAIL_CHECK;
 	if (NULL != username) {
 		free (username);
 	}