X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?p=xscreensaver;a=blobdiff_plain;f=driver%2Fpasswd.c;h=066bc81f9c608d6a0178c5be12605b30556efaaf;hp=99fdee08c62744b45d5df7a307dee208fa071613;hb=6b1c86cf395f59389e4ece4ea8f4bea2c332745b;hpb=488f2fa8fbdbc77e91a70da2962d73af49e6cace

diff --git a/driver/passwd.c b/driver/passwd.c
index 99fdee08..066bc81f 100644
--- a/driver/passwd.c
+++ b/driver/passwd.c
@@ -23,8 +23,19 @@
 # include <unistd.h>
 #endif
 
+#ifndef VMS
+# include <pwd.h>		/* for getpwuid() */
+#else /* VMS */
+# include "vms-pwd.h"
+#endif /* VMS */
+
+#ifdef HAVE_SYSLOG
+# include <syslog.h>
+#endif /* HAVE_SYSLOG */
+
 #include <X11/Intrinsic.h>
 
+#include "xscreensaver.h"
 #include "auth.h"
 
 extern const char *blurb(void);
@@ -159,6 +170,9 @@ try_unlock_password(saver_info *si,
 
   memset(&message, 0, sizeof(message));
 
+  if (verbose_p)
+    fprintf(stderr, "%s: non-PAM password auth.\n", blurb());
+
   /* Call the auth_conv function with "Password:", then feed
    * the result into valid_p()
    */
@@ -170,7 +184,13 @@ try_unlock_password(saver_info *si,
   if (!response)
     return;
 
-  si->unlock_state = valid_p(response->response, verbose_p) ? ul_success : ul_fail;
+  if (valid_p (response->response, verbose_p))
+    si->unlock_state = ul_success;	       /* yay */
+  else if (si->unlock_state == ul_cancel ||
+           si->unlock_state == ul_time)
+    ;					       /* more specific failures ok */
+  else
+    si->unlock_state = ul_fail;		       /* generic failure */
 
   if (response->response)
     free(response->response);
@@ -178,6 +198,48 @@ try_unlock_password(saver_info *si,
 }
 
 
+/* Write a password failure to the system log.
+ */
+static void
+do_syslog (saver_info *si, Bool verbose_p)
+{
+# ifdef HAVE_SYSLOG
+  struct passwd *pw = getpwuid (getuid ());
+  char *d = DisplayString (si->dpy);
+  char *u = (pw && pw->pw_name ? pw->pw_name : "???");
+  int opt = 0;
+  int fac = 0;
+
+#  ifdef LOG_PID
+  opt = LOG_PID;
+#  endif
+
+#  if defined(LOG_AUTHPRIV)
+  fac = LOG_AUTHPRIV;
+#  elif defined(LOG_AUTH)
+  fac = LOG_AUTH;
+#  else
+  fac = LOG_DAEMON;
+#  endif
+
+  if (!d) d = "";
+
+#  undef FMT
+#  define FMT "FAILED LOGIN %d ON DISPLAY \"%s\", FOR \"%s\""
+
+  if (verbose_p)
+    fprintf (stderr, "%s: syslog: " FMT "\n", blurb(), 
+             si->unlock_failures, d, u);
+
+  openlog (progname, opt, fac);
+  syslog (LOG_NOTICE, FMT, si->unlock_failures, d, u);
+  closelog ();
+
+# endif /* HAVE_SYSLOG */
+}
+
+
+
 /**
  * Runs through each authentication driver calling its try_unlock function.
  * Called xss_authenticate() because AIX beat us to the name authenticate().
@@ -230,6 +292,12 @@ xss_authenticate(saver_info *si, Bool verbose_p)
   if (verbose_p)
     fprintf(stderr, "%s: All authentication mechanisms failed.\n", blurb());
 
+  if (si->unlock_state == ul_fail)
+    {
+      si->unlock_failures++;
+      do_syslog (si, verbose_p);
+    }
+
 DONE:
   if (si->auth_finished_cb)
     si->auth_finished_cb (si);