+ for (i = 0; i < countof(methods); i++)
+ {
+ if (!methods[i].initted_p)
+ continue;
+
+ if (si->cached_passwd != NULL && methods[i].valid_p)
+ si->unlock_state = (methods[i].valid_p(si->cached_passwd, verbose_p) == True)
+ ? ul_success : ul_fail;
+ else if (methods[i].try_unlock != NULL)
+ methods[i].try_unlock(si, verbose_p, methods[i].valid_p);
+ else if (methods[i].valid_p)
+ try_unlock_password(si, verbose_p, methods[i].valid_p);
+ else /* Ze goggles, zey do nozing! */
+ fprintf(stderr, "%s: authentication method %s does nothing.\n",
+ blurb(), methods[i].name);
+
+ check_for_leaks (methods[i].name);
+
+ /* If password authentication failed, but the password was NULL
+ (meaning the user just hit RET) then treat that as "cancel".
+ This means that if the password is literally NULL, it will
+ work; but if not, then NULL passwords are treated as cancel.
+ */
+ if (si->unlock_state == ul_fail &&
+ si->cached_passwd &&
+ !*si->cached_passwd)
+ {
+ fprintf (stderr, "%s: assuming null password means cancel.\n",
+ blurb());
+ si->unlock_state = ul_cancel;
+ }
+
+ if (si->unlock_state == ul_success)
+ {
+ /* If we successfully authenticated by method N, but attempting
+ to authenticate by method N-1 failed, mention that (since if
+ an earlier authentication method fails and a later one succeeds,
+ something screwy is probably going on.)
+ */
+ if (verbose_p && i > 0)
+ {
+ for (j = 0; j < i; j++)
+ if (methods[j].initted_p)
+ fprintf (stderr,
+ "%s: authentication via %s failed.\n",
+ blurb(), methods[j].name);
+ fprintf (stderr,
+ "%s: authentication via %s succeeded.\n",
+ blurb(), methods[i].name);
+ }
+ goto DONE; /* Successfully authenticated! */
+ }
+ else if (si->unlock_state == ul_cancel ||
+ si->unlock_state == ul_time)
+ {
+ /* If any auth method gets a cancel or timeout, don't try the
+ next auth method! We're done! */
+ fprintf (stderr,
+ "%s: authentication via %s %s.\n",
+ blurb(), methods[i].name,
+ (si->unlock_state == ul_cancel
+ ? "cancelled" : "timed out"));
+ goto DONE;
+ }
+ }