On Tue, Mar 16, 2010 at 17:01:22 -0700, Alan Coopersmith wrote:
> diff --git a/greeter/verify.c b/greeter/verify.c
> index 73493ca..6e3f14b 100644
> --- a/greeter/verify.c
> +++ b/greeter/verify.c
> @@ -350,6 +350,16 @@ Verify (struct display *d, struct greet_info *greet,
> struct verify_info *verify)
> return 0;
> }
>
> + /*
> + * Only accept root logins if allowRootLogin resource is not false
> + */
> + if ((p->pw_uid == 0) && !greet->allow_root_login) {
> + Debug("root logins not allowed\n");
> + if (greet->password != NULL)
> + bzero(greet->password, strlen(greet->password));
> + return 0;
> + }
> +
I guess there's no way to avoid having that code twice in Verify()?
On a related note, the /etc/shells check is also restricted to OpenBSD,
although it looks like it makes sense for more than that. Likewise for
the expired password check, I guess. Then again, PAM can check that for
me, so meh.
Cheers,
Julien
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
