Diffstat (limited to 'modules/pam_unix/unix_chkpwd.c')
-rw-r--r--modules/pam_unix/unix_chkpwd.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 39c84dbf..88647e58 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -2,7 +2,7 @@
* This program is designed to run setuid(root) or with sufficient
* privilege to read all of the unix password databases. It is designed
* to provide a mechanism for the current user (defined by this
- * process' uid) to verify their own password.
+ * process's uid) to verify their own password.
*
* The password is read from the standard input. The exit status of
* this program indicates whether the user is authenticated or not.
@@ -188,7 +188,14 @@ int main(int argc, char *argv[])
#endif
helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user);
}
- return PAM_AUTH_ERR;
+ /* if helper_verify_password() returned PAM_USER_UNKNOWN, the
+ most appropriate error to propagate to
+ _unix_verify_password() is PAM_AUTHINFO_UNAVAIL; otherwise
+ return general failure */
+ if (retval == PAM_USER_UNKNOWN)
+ return PAM_AUTHINFO_UNAVAIL;
+ else
+ return PAM_AUTH_ERR;
} else {
if (getuid() != 0) {
#ifdef HAVE_LIBAUDIT
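Review bot: The added `PAM_AUTHINFO_UNAVAIL` return makes the helper's exit status distinguish an unknown account from a wrong password, and nothing in the hunk says that callers must keep treating both as an authentication failure. The file header still states that the exit status only "indicates whether the user is authenticated or not", so I would extend the new comment with something like `/* callers must not expose the difference between these two codes to the authenticating client: it reveals whether the account exists */`. It is also worth confirming, outside this hunk, how stacks configured with `[authinfo_unavail=ignore]` behave once this code reaches `_unix_verify_password()`; presumably that is the intent, but it can change which module makes the final decision for a missing user. `retval` is assigned earlier in `main()`, which starts and ends outside the hunk, so the set of values it can hold here is not visible.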