diff options
| author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:35 -0700 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 15:00:33 -0700 |
| commit | 239d9c3181694bda5a0531ac579612c46c3b4e6d (patch) | |
| tree | 43c04725cde922627215f4c32665ea832dd456d1 /modules/pam_unix/unix_chkpwd.c | |
| parent | aa2142277bf5fb4a884c6119180e41258817705b (diff) | |
| parent | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (diff) | |
| download | pam-239d9c3181694bda5a0531ac579612c46c3b4e6d.tar.gz pam-239d9c3181694bda5a0531ac579612c46c3b4e6d.tar.bz2 pam-239d9c3181694bda5a0531ac579612c46c3b4e6d.zip | |
Merge upstream version 1.4.0
Diffstat (limited to 'modules/pam_unix/unix_chkpwd.c')
| -rw-r--r-- | modules/pam_unix/unix_chkpwd.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index 39c84dbf..88647e58 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -2,7 +2,7 @@ * This program is designed to run setuid(root) or with sufficient * privilege to read all of the unix password databases. It is designed * to provide a mechanism for the current user (defined by this - * process' uid) to verify their own password. + * process's uid) to verify their own password. * * The password is read from the standard input. The exit status of * this program indicates whether the user is authenticated or not. @@ -188,7 +188,14 @@ int main(int argc, char *argv[]) #endif helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user); } - return PAM_AUTH_ERR; + /* if helper_verify_password() returned PAM_USER_UNKNOWN, the + most appropriate error to propagate to + _unix_verify_password() is PAM_AUTHINFO_UNAVAIL; otherwise + return general failure */ + if (retval == PAM_USER_UNKNOWN) + return PAM_AUTHINFO_UNAVAIL; + else + return PAM_AUTH_ERR; } else { if (getuid() != 0) { #ifdef HAVE_LIBAUDIT |