summaryrefslogtreecommitdiff
path: root/modules/pam_unix
diff options
context:
space:
mode:
authorOlaf Mandel <o.mandel@menlosystems.com>2019-05-23 16:09:44 +0000
committerTomáš Mráz <t8m@users.noreply.github.com>2019-05-23 19:48:24 +0200
commitb49488bc884454323553bb95b01a7765312fb515 (patch)
tree682a7c4947e570890fca08765775b3c61d12648a /modules/pam_unix
parentb136bff25e93be6f11de74aca03569022364b973 (diff)
pam_succeed_if: Request user data only when needed
Allow for conditions that just check the user field to also work for users not known to the system. Before this caused a PAM_USER_UNKNOWN even if no extra data for an existing user was needed. E.g. auth sufficient pam_succeed_if.so user = NotKnownToSystem modules/pam_succeed_if/pam_succeed_if.c (evaluate): Change the pwd parameter to an input/output parameter. Lazily request pwd with pam_modutil_getpwnam() if needed and return PAM_USER_UNKNOWN on failure. modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Don't request the pwd if !use_uid anymore and shift the output from audit to after the evaluate() call. Also make sure not to give the normal failure message if the lazy pwd loading failed.
Diffstat (limited to 'modules/pam_unix')
0 files changed, 0 insertions, 0 deletions