When we receive PAM_AUTHINFO_UNAVAIL just display the default

2007-05-08  Brian Cameron  <brian.cameron@sun.com>

        * daemon/verify-pam.c: When we receive PAM_AUTHINFO_UNAVAIL
          just display the default "authentication failed" message.
          This ensures that the error message is the same for
          invalid user and incorrect password, making it harder to
          tell whether an account is a valid one or not.

svn path=/trunk/; revision=4893

2 files changed, 16 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 7b32ecb1..fbdacb7a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2007-05-08  Brian Cameron  <brian.cameron@sun.com>
 
+	* daemon/verify-pam.c: When we receive PAM_AUTHINFO_UNAVAIL
+	  just display the default "authentication failed" message.
+	  This ensures that the error message is the same for 
+	  invalid user and incorrect password, making it harder to
+	  tell whether an account is a valid one or not.
+
+2007-05-08  Brian Cameron  <brian.cameron@sun.com>
+
 	* config/PostLogin: Change reference from $LOGIN to $LOGNAME
 	  in documentation comment.  Fixes bug 436805.  Patch by Loic
 	  Minier <lool+gnome@via.ecp.fr>
diff --git a/daemon/verify-pam.c b/daemon/verify-pam.c
index 14a4454a..2f3a615e 100644
--- a/daemon/verify-pam.c
+++ b/daemon/verify-pam.c
@@ -1170,9 +1170,15 @@ gdm_verify_user (GdmDisplay *d,
 	 * message from the PAM subsystem */
 	if ( ! error_msg_given &&
 	     gdm_slave_action_pending ()) {
-		/* I'm not sure yet if I should display this message for any other issues - heeten */
+		/*
+		 * I'm not sure yet if I should display this message for any
+		 * other issues - heeten
+		 * Adding AUTHINFO_UNAVAIL to the list - its what an unknown
+		 * user is.
+		 */
 		if (pamerr == PAM_AUTH_ERR ||
-		    pamerr == PAM_USER_UNKNOWN) {
+		    pamerr == PAM_USER_UNKNOWN ||
+		    pamerr == PAM_AUTHINFO_UNAVAIL) {
 			gboolean is_capslock = FALSE;
 			const char *basemsg;
 			char *msg;