[Bug 1058] Updating protected password database in HP-UX

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jun 29 16:23:23 EST 2005


------- Additional Comments From dtucker at zip.com.au  2005-06-29 16:23 -------
(From update of attachment 932)
>+                pr=getprpwnam((char *)username);
>+                if(!pr->uflg.fg_nlogins)

You need to check getprpwnam for failure (ie pr == NULL) otherwise this will
segfault if getprpwnam fails.

>+                        pr->uflg.fg_nlogins=1;

The man pages (putprpwnam, from memory) say that you must copy and update the
record rather than mangling the one that getprpwnam returns.

>+if(!authctxt->postponed && !authenticated && options.use_pam && strcmp(method,"
>none") && strcmp(method, "password") && strcmp(method, "challenge-res
>+ponse") && strcmp(method, "keyboard-interactive/pam"))
>+       PRIVSEP(update_trusted_badlogins(authctxt->user));

Why not use the CUSTOM_FAILED_LOGIN hook?  That's what it's for, and would not
require as much code.

In principle, I'm OK with updating the failed login counter for Trusted Mode.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list