When root tries to su to a non-existent user, pam_authenticate() will

normally succeed (because root can su to anyone), but pam_acct_mgmt() will most likely fail, causing su to log a confusing "pam_acct_mgmt: error in service module" message. To avoid this, call getpwnam() before pam_acct_mgmt(). Sponsored by: registrar.no
svn path=/head/; revision=124166
2004-01-06 09:47:24 +00:00 · 2004-01-06 09:47:24 +00:00 · 60f4b54d8f · 2020-12-20 02:59:44 +00:00
commit 60f4b54d8f
parent 09bebfadee
1 changed files with 4 additions and 4 deletions
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@ -254,6 +254,9 @@ main(int argc, char *argv[])
 	else
 		syslog(LOG_ERR, "pam_get_item(PAM_USER): %s",
 		    pam_strerror(pamh, retcode));
+	pwd = getpwnam(user);
+	if (pwd == NULL)
+		errx(1, "unknown login: %s", user);

 	retcode = pam_acct_mgmt(pamh, 0);
 	if (retcode == PAM_NEW_AUTHTOK_REQD) {
@ -271,10 +274,7 @@ main(int argc, char *argv[])
 		errx(1, "Sorry");
 	}

-	/* get target login information, default to root */
-	pwd = getpwnam(user);
-	if (pwd == NULL)
-		errx(1, "unknown login: %s", user);
+	/* get target login information */
 	if (class == NULL)
 		lc = login_getpwclass(pwd);
 	else {