Relevant BUGIDs: Red Hat bz 120694

Purpose of commit: bugfix

Commit summary:
---------------
skip logging of 'user unknown' authentication failure if the user
has passwd entry

1 files changed, 10 insertions, 4 deletions

diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 5138a875..cf01e3c2 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -698,6 +698,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 			}
 		} else {
 			D(("user's record unavailable"));
+			p = NULL;
+			retval = PAM_AUTHINFO_UNAVAIL;
 			if (on(UNIX_AUDIT, ctrl)) {
 				/* this might be a typo and the user has given a password
 				   instead of a username. Careful with this. */
@@ -705,11 +707,14 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 				         "check pass; user (%s) unknown", name);
 			} else {
 				name = NULL;
-				_log_err(LOG_ALERT, pamh,
-				         "check pass; user unknown");
+				if (on(UNIX_DEBUG, ctrl) || pwd == NULL) {
+				    _log_err(LOG_ALERT, pamh,
+				            "check pass; user unknown");
+				} else {
+				    /* don't log failure as another pam module can succeed */
+				    goto cleanup;
+				}
 			}
-			p = NULL;
-			retval = PAM_AUTHINFO_UNAVAIL;
 		}
 	} else {
 	    int salt_len = strlen(salt);
@@ -831,6 +836,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 		}
 	}
 
+cleanup:
 	if (data_name)
 		_pam_delete(data_name);
 	if (salt)