Make sure that pwent gets set before calling audit_fail_login, otherwise

2008-01-05 Brian Cameron <brian.cameron@sun.com> * daemon/verify-pam.c: Make sure that pwent gets set before calling audit_fail_login, otherwise the audit record is not set properly. svn path=/branches/gnome-2-20/; revision=6650
author: Brian Cameron <brian.cameron@sun.com> 2009-01-06 00:23:21 +0000
committer: Brian Cameron <bcameron@src.gnome.org> 2009-01-06 00:23:21 +0000
commit: 4e7d75fae3210d524b1cce8b7fdc2174e6a27fe3 (patch)
tree: dfa36426eb598d3d3c1075d94b2a20121cb9cfaf
parent: afdb6ce1064c4bcb4412dcc6388baa6715af2e13 (diff)
download: gdm-4e7d75fae3210d524b1cce8b7fdc2174e6a27fe3.tar.gz
2 files changed, 27 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index b34d98b2..c73664c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-01-05 Brian Cameron <brian.cameron@sun.com>
+
+	* daemon/verify-pam.c: Make sure that pwent gets set before
+	  calling audit_fail_login, otherwise the audit record is not
+	  set properly.
+
 2008-12-10 Brian Cameron <brian.cameron@sun.com>
 
 	* Release 2.20.9:
diff --git a/daemon/verify-pam.c b/daemon/verify-pam.c
index 3546ca8b..7c8ad4e2 100644
--- a/daemon/verify-pam.c
+++ b/daemon/verify-pam.c
@@ -1264,6 +1264,19 @@ gdm_verify_user (GdmDisplay *d,
 	return login;
 
  pamerr:
+	/*
+	 * Take care of situation where we get here before setting pwent.
+	 * Since login can be passed in as NULL, get the actual value if
+	 * possible.
+	 */
+	if ((pam_get_item (pamh, PAM_USER, &p)) == PAM_SUCCESS) {
+		g_free (login);
+		login = g_strdup ((const char *)p);
+	}
+	if (pwent == NULL && login != NULL) {
+		pwent = getpwnam (login);
+	}
+
 #ifdef  HAVE_ADT
 	audit_fail_login (d, pw_change, pwent, pamerr);
 #endif	/* HAVE_ADT */
@@ -1450,11 +1463,6 @@ gdm_verify_setup_user (GdmDisplay *d, const gchar *login, char **new_login)
 		*new_login = g_strdup (after_login);
 	}
 
-#ifdef  HAVE_ADT
-	/* to set up for same auditing calls as in gdm_verify_user */
-	pwent = getpwnam (login);
-#endif	/* HAVE_ADT */
-
 	/* Check if the user's account is healthy. */
 	pamerr = pam_acct_mgmt (pamh, null_tok);
 	switch (pamerr) {
@@ -1590,6 +1598,14 @@ gdm_verify_setup_user (GdmDisplay *d, const gchar *login, char **new_login)
 	return TRUE;
 
  setup_pamerr:
+	/*
+	 * Take care of situation where we get here before setting pwent.
+	 * Note login is never NULL when this function is called.
+	 */
+	if (pwent == NULL) {
+		pwent = getpwnam (login);
+	}
+
 #ifdef  HAVE_ADT
 	audit_fail_login (d, pw_change, pwent, pamerr);
 #endif	/* HAVE_ADT */
author	Brian Cameron <brian.cameron@sun.com>	2009-01-06 00:23:21 +0000
committer	Brian Cameron <bcameron@src.gnome.org>	2009-01-06 00:23:21 +0000
commit	4e7d75fae3210d524b1cce8b7fdc2174e6a27fe3 (patch)
tree	dfa36426eb598d3d3c1075d94b2a20121cb9cfaf
parent	afdb6ce1064c4bcb4412dcc6388baa6715af2e13 (diff)
download	gdm-4e7d75fae3210d524b1cce8b7fdc2174e6a27fe3.tar.gz