When root tries to su to a non-existent user, pam_authenticate() will

normally succeed (because root can su to anyone), but pam_acct_mgmt()
will most likely fail, causing su to log a confusing "pam_acct_mgmt:
error in service module" message.  To avoid this, call getpwnam()
before pam_acct_mgmt().

Sponsored by:	registrar.no
This commit is contained in:
des 2004-01-06 09:47:24 +00:00
parent 7452e76589
commit 77da48ef10

View File

@ -254,6 +254,9 @@ main(int argc, char *argv[])
else
syslog(LOG_ERR, "pam_get_item(PAM_USER): %s",
pam_strerror(pamh, retcode));
pwd = getpwnam(user);
if (pwd == NULL)
errx(1, "unknown login: %s", user);
retcode = pam_acct_mgmt(pamh, 0);
if (retcode == PAM_NEW_AUTHTOK_REQD) {
@ -271,10 +274,7 @@ main(int argc, char *argv[])
errx(1, "Sorry");
}
/* get target login information, default to root */
pwd = getpwnam(user);
if (pwd == NULL)
errx(1, "unknown login: %s", user);
/* get target login information */
if (class == NULL)
lc = login_getpwclass(pwd);
else {