summaryrefslogtreecommitdiff
path: root/modules/pam_securetty
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2009-09-10 10:19:57 +0000
committerSteve Langasek <vorlon@debian.org>2009-09-10 10:19:57 +0000
commit78badec1b121a83fca3e7a42a440a1bb14b24329 (patch)
treeb18f6bdfbbcd6ac1f97254492083bbefad467a7c /modules/pam_securetty
parentde99a00248cdd5d41994056ccc1815a8f1e779b6 (diff)
Relevant BUGIDs: Debian bug #537848
Purpose of commit: bugfix Commit summary: --------------- 2009-09-10 Steve Langasek <vorlon@debian.org> * modules/pam_securetty/pam_securetty.c: pam_securetty should not return PAM_USER_UNKNOWN when the tty is secure, regardless of what was entered as a username. Patch from Nicolas Fran├žois <nicolas.francois@centraliens.net>.
Diffstat (limited to 'modules/pam_securetty')
-rw-r--r--modules/pam_securetty/pam_securetty.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index ec796d9e..a3c2010d 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -86,13 +86,11 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
}
user_pwd = pam_modutil_getpwnam(pamh, username);
- if (user_pwd == NULL) {
- return PAM_USER_UNKNOWN;
- } else if (user_pwd->pw_uid != 0) { /* If the user is not root,
- securetty's does not apply
- to them */
+ if (user_pwd != NULL && user_pwd->pw_uid != 0) {
+ /* If the user is not root, securetty's does not apply to them */
return PAM_SUCCESS;
}
+ /* The user is now either root or an invalid / mistyped username */
retval = pam_get_item(pamh, PAM_TTY, &void_uttyname);
uttyname = void_uttyname;
@@ -151,6 +149,9 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
uttyname);
retval = PAM_AUTH_ERR;
+ if (user_pwd == NULL) {
+ retval = PAM_USER_UNKNOWN;
+ }
} else {
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'",