author | Steve Langasek <vorlon@debian.org> | 2009-09-10 10:19:57 +0000 |
---|---|---|
committer | Steve Langasek <vorlon@debian.org> | 2009-09-10 10:19:57 +0000 |
commit | 78badec1b121a83fca3e7a42a440a1bb14b24329 (patch) | |
tree | b18f6bdfbbcd6ac1f97254492083bbefad467a7c /modules | |
parent | de99a00248cdd5d41994056ccc1815a8f1e779b6 (diff) | |
Relevant BUGIDs: Debian bug #537848
Purpose of commit: bugfix
Commit summary:
---------------
2009-09-10 Steve Langasek <vorlon@debian.org>
* modules/pam_securetty/pam_securetty.c: pam_securetty should not
return PAM_USER_UNKNOWN when the tty is secure, regardless of what
was entered as a username.
Patch from Nicolas François <nicolas.francois@centraliens.net>.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pam_securetty/pam_securetty.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index ec796d9e..a3c2010d 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -86,13 +86,11 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, } user_pwd = pam_modutil_getpwnam(pamh, username); - if (user_pwd == NULL) { - return PAM_USER_UNKNOWN; - } else if (user_pwd->pw_uid != 0) { /* If the user is not root, - securetty's does not apply - to them */ + if (user_pwd != NULL && user_pwd->pw_uid != 0) { + /* If the user is not root, securetty's does not apply to them */ return PAM_SUCCESS; } + /* The user is now either root or an invalid / mistyped username */ retval = pam_get_item(pamh, PAM_TTY, &void_uttyname); uttyname = void_uttyname; @@ -151,6 +149,9 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, uttyname); retval = PAM_AUTH_ERR; + if (user_pwd == NULL) { + retval = PAM_USER_UNKNOWN; + } } else { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", |
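Review bot: After the rewritten test at the top of the first hunk, `user_pwd` can be NULL for the rest of securetty_perform_check, and the added one-line comment neither says so nor explains why unknown names must still go through the tty check. I would spell it out, for example `/* user_pwd may be NULL from here on: unknown or mistyped names still get the tty check, and PAM_USER_UNKNOWN is reported only if the tty is not secure */`. The code between the two hunks is not shown, so it is worth confirming that nothing there dereferences `user_pwd` before the new NULL test in the deny branch. The function starts and ends outside this hunk.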
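Review bot: Because unknown names now reach the `else` branch at the end of the second hunk, the debug message `access allowed for '%s' on '%s'` can be emitted for a string that is not an account name at all. The arguments of that pam_syslog call are cut off here, but if the first `%s` is `username`, a password typed at the login prompt by mistake would be written to syslog whenever the debug option is on. Consider passing `user_pwd ? username : "(unknown user)"` in that position. The call whose tail `uttyname);` opens the hunk may need the same treatment if it also prints the name. Both calls begin or end outside the hunk, so this needs checking against the full function.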