From 78badec1b121a83fca3e7a42a440a1bb14b24329 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Thu, 10 Sep 2009 10:19:57 +0000 Subject: Relevant BUGIDs: Debian bug #537848 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Purpose of commit: bugfix Commit summary: --------------- 2009-09-10 Steve Langasek * modules/pam_securetty/pam_securetty.c: pam_securetty should not return PAM_USER_UNKNOWN when the tty is secure, regardless of what was entered as a username. Patch from Nicolas François . --- modules/pam_securetty/pam_securetty.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'modules/pam_securetty') diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index ec796d9e..a3c2010d 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -86,13 +86,11 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, } user_pwd = pam_modutil_getpwnam(pamh, username); - if (user_pwd == NULL) { - return PAM_USER_UNKNOWN; - } else if (user_pwd->pw_uid != 0) { /* If the user is not root, - securetty's does not apply - to them */ + if (user_pwd != NULL && user_pwd->pw_uid != 0) { + /* If the user is not root, securetty's does not apply to them */ return PAM_SUCCESS; } + /* The user is now either root or an invalid / mistyped username */ retval = pam_get_item(pamh, PAM_TTY, &void_uttyname); uttyname = void_uttyname; @@ -151,6 +149,9 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, uttyname); retval = PAM_AUTH_ERR; + if (user_pwd == NULL) { + retval = PAM_USER_UNKNOWN; + } } else { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", -- cgit v1.2.3