summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTomas Mraz <tm@t8m.info>2005-01-04 08:42:42 +0000
committerTomas Mraz <tm@t8m.info>2005-01-04 08:42:42 +0000
commit9390445e42cb9365ef2618d1e9db3fe0fd96f6b6 (patch)
tree49d363877f87377bb7db25d47fb89272ad21cc50
parent662e029b090059e93918dd1a911916206de8b505 (diff)
Relevant BUGIDs: Red Hat bz 120694
Purpose of commit: bugfix Commit summary: --------------- skip logging of 'user unknown' authentication failure if the user has passwd entry
-rw-r--r--CHANGELOG3
-rw-r--r--modules/pam_unix/support.c14
2 files changed, 12 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG
index d44bf77d..48029a88 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -62,7 +62,8 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
0.79: please submit patches for this section with actual code/doc
patches!
-
+* pam_unix: don't log user unknown failure when he can be properly
+ authenticated by another module
0.78: Do Nov 18 14:48:36 CET 2004
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 5138a875..cf01e3c2 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -698,6 +698,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
}
} else {
D(("user's record unavailable"));
+ p = NULL;
+ retval = PAM_AUTHINFO_UNAVAIL;
if (on(UNIX_AUDIT, ctrl)) {
/* this might be a typo and the user has given a password
instead of a username. Careful with this. */
@@ -705,11 +707,14 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
"check pass; user (%s) unknown", name);
} else {
name = NULL;
- _log_err(LOG_ALERT, pamh,
- "check pass; user unknown");
+ if (on(UNIX_DEBUG, ctrl) || pwd == NULL) {
+ _log_err(LOG_ALERT, pamh,
+ "check pass; user unknown");
+ } else {
+ /* don't log failure as another pam module can succeed */
+ goto cleanup;
+ }
}
- p = NULL;
- retval = PAM_AUTHINFO_UNAVAIL;
}
} else {
int salt_len = strlen(salt);
@@ -831,6 +836,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
}
}
+cleanup:
if (data_name)
_pam_delete(data_name);
if (salt)