1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From: Martin Schwenke <martin@meltin.net>
Date: Mon, 11 Sep 2023 14:00:42 -0600
Subject: distinguish between password manipulation failure and missing user.
---
modules/pam_unix/passverify.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 81b10d8..7ff8bf0 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -804,7 +804,7 @@ PAMH_ARG_DECL(int unix_update_passwd,
struct passwd *tmpent = NULL;
struct stat st;
FILE *pwfile, *opwfile;
- int err = 1;
+ int err = 1, found = 0;
int oldmask;
#ifdef WITH_SELINUX
char *prev_context_raw = NULL;
@@ -875,6 +875,7 @@ PAMH_ARG_DECL(int unix_update_passwd,
tmpent->pw_passwd = assigned_passwd.charp;
err = 0;
+ found = 1;
}
if (putpwent(tmpent, pwfile)) {
D(("error writing entry to password file: %m"));
@@ -917,7 +918,7 @@ done:
return PAM_SUCCESS;
} else {
unlink(PW_TMPFILE);
- return PAM_AUTHTOK_ERR;
+ return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN;
}
}
|
