1 files changed, 8 insertions, 10 deletions

diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 9dde2aee..9947f12a 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -601,6 +601,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	int remember = -1;
 	int rounds = 0;
 	int pass_min_len = 0;
+	struct passwd *pwd;
 
 	/* <DO NOT free() THESE> */
 	const char *user;
@@ -646,21 +647,18 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	 * getpwnam() doesn't tell you *where* the information it gives you
 	 * came from, nor should it.  That's our job.
 	 */
-	if (_unix_comesfromsource(pamh, user, 1, on(UNIX_NIS, ctrl)) == 0) {
+	if (_unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd) == 0) {
 		pam_syslog(pamh, LOG_DEBUG,
 			 "user \"%s\" does not exist in /etc/passwd%s",
 			 user, on(UNIX_NIS, ctrl) ? " or NIS" : "");
 		return PAM_USER_UNKNOWN;
-	} else {
-		struct passwd *pwd;
-		_unix_getpwnam(pamh, user, 1, 1, &pwd);
-		if (pwd == NULL) {
-			pam_syslog(pamh, LOG_DEBUG,
-				"user \"%s\" has corrupted passwd entry",
-				user);
-			return PAM_USER_UNKNOWN;
-		}
+	} else if (pwd == NULL) {
+		pam_syslog(pamh, LOG_DEBUG,
+			 "user \"%s\" has corrupted passwd entry",
+			 user);
+		return PAM_USER_UNKNOWN;
 	}
+	_pam_drop(pwd);
 
 	/*
 	 * This is not an AUTH module!