d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

When root tries to su to a non-existent user, pam_authenticate() will

Browse Source 
normally succeed (because root can su to anyone), but pam_acct_mgmt()
will most likely fail, causing su to log a confusing "pam_acct_mgmt:
error in service module" message.  To avoid this, call getpwnam()
before pam_acct_mgmt().

Sponsored by:	registrar.no
This commit is contained in:
des 2004-01-06 09:47:24 +00:00
parent 7452e76589
commit 77da48ef10
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
usr.bin/su/su.c
View File

@ -254,6 +254,9 @@ main(int argc, char *argv[])
else else
syslog(LOG_ERR, "pam_get_item(PAM_USER): %s", syslog(LOG_ERR, "pam_get_item(PAM_USER): %s",
pam_strerror(pamh, retcode)); pam_strerror(pamh, retcode));
pwd = getpwnam(user);
if (pwd == NULL)
errx(1, "unknown login: %s", user);
retcode = pam_acct_mgmt(pamh, 0); retcode = pam_acct_mgmt(pamh, 0);
if (retcode == PAM_NEW_AUTHTOK_REQD) { if (retcode == PAM_NEW_AUTHTOK_REQD) {
@ -271,10 +274,7 @@ main(int argc, char *argv[])
errx(1, "Sorry"); errx(1, "Sorry");
} }
/* get target login information, default to root */ /* get target login information */
pwd = getpwnam(user);
if (pwd == NULL)
errx(1, "unknown login: %s", user);
if (class == NULL) if (class == NULL)
lc = login_getpwclass(pwd); lc = login_getpwclass(pwd);
else { else {