author | Olaf Mandel <o.mandel@menlosystems.com> | 2019-05-23 16:09:44 +0000 |
---|---|---|
committer | Tomáš Mráz <t8m@users.noreply.github.com> | 2019-05-23 19:48:24 +0200 |
commit | b49488bc884454323553bb95b01a7765312fb515 | |
tree | 682a7c4947e570890fca08765775b3c61d12648a /modules/pam_unix | |
parent | b136bff25e93be6f11de74aca03569022364b973 | |

pam_succeed_if: Request user data only when needed

Allow for conditions that just check the user field to also work for
users not known to the system. Before this caused a PAM_USER_UNKNOWN
even if no extra data for an existing user was needed. E.g.

    auth sufficient pam_succeed_if.so user = NotKnownToSystem

modules/pam_succeed_if/pam_succeed_if.c (evaluate): Change the pwd
parameter to an input/output parameter. Lazily request pwd with
pam_modutil_getpwnam() if needed and return PAM_USER_UNKNOWN on failure.

modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Don't
request the pwd if !use_uid anymore and shift the output from audit to
after the evaluate() call. Also make sure not to give the normal failure
message if the lazy pwd loading failed.

Diffstat (limited to 'modules/pam_unix')
0 files changed, 0 insertions, 0 deletions