From: Thayne McCombs Date: Fri, 4 Sep 2020 08:33:54 +0000 (-0600) Subject: login: add option to not reset username on each attempt X-Git-Tag: v2.37-rc1~483 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=df09e21c244fd438c73aad12720993c6536ad009;p=thirdparty%2Futil-linux.git login: add option to not reset username on each attempt [kzak@redhat.com: - use different message on failed password] Addresses: https://github.com/karelzak/util-linux/pull/1138 Addresses: https://github.com/karelzak/util-linux/issues/6 Signed-off-by: Karel Zak --- diff --git a/login-utils/login.1 b/login-utils/login.1 index 9bebaa0dec..be770d19b0 100644 --- a/login-utils/login.1 +++ b/login-utils/login.1 @@ -225,6 +225,15 @@ value is .IR 3 . .RE .PP +.B LOGIN_KEEP_USERNAME +(boolean) +.RS 4 +Tell +.B login +to only re-prompt for the password if authentication failed, but the username is valid. The default value is +.IR no . +.RE +.PP .B FAIL_DELAY (number) .RS 4 diff --git a/login-utils/login.c b/login-utils/login.c index d11560a15e..248cfb2e30 100644 --- a/login-utils/login.c +++ b/login-utils/login.c @@ -826,7 +826,7 @@ static pam_handle_t *init_loginpam(struct login_context *cxt) static void loginpam_auth(struct login_context *cxt) { - int rc, show_unknown; + int rc, show_unknown, keep_username; unsigned int retries, failcount = 0; const char *hostname = cxt->hostname ? cxt->hostname : cxt->tty_name ? cxt->tty_name : ""; @@ -837,6 +837,7 @@ static void loginpam_auth(struct login_context *cxt) show_unknown = getlogindefs_bool("LOG_UNKFAIL_ENAB", 0); retries = getlogindefs_num("LOGIN_RETRIES", LOGIN_MAX_TRIES); + keep_username = getlogindefs_bool("LOGIN_KEEP_USERNAME", 0); /* * There may be better ways to deal with some of these conditions, but @@ -871,9 +872,13 @@ static void loginpam_auth(struct login_context *cxt) log_btmp(cxt); log_audit(cxt, 0); - fprintf(stderr, _("Login incorrect\n\n")); - pam_set_item(pamh, PAM_USER, NULL); + if (!keep_username || rc == PAM_USER_UNKNOWN) { + pam_set_item(pamh, PAM_USER, NULL); + fprintf(stderr, _("Login incorrect\n\n")); + } else + fprintf(stderr, _("Password incorrect\n\n")); + rc = pam_authenticate(pamh, 0); }