pam_shells: return PAM_USER_UNKNOWN if getpwnam failsHEAD master

Until before, in this case PAM_AUTH_ERR was returned. This leads to unknown users being logged with the unknown username. Now it resembles the behaviour of other modules like pam_unix in this case.
author: Jonathan Krebs <jonny@git2022.olpp.net> 2023-05-15 13:57:46 +0200
committer: Dmitry V. Levin <ldv@strace.io> 2023-05-17 20:18:03 +0000
commit: 52e49e17acba24d2a1dd211bae857043c20931f7 (patch)
tree: 84245e93f34fb2e168de81b1c453cb07c7fb6925 /modules/pam_shells/pam_shells.c
parent: e75e15c7eea15b3aa48026be209239179b747222 (diff)
download: linux-pam-git-master.tar.gz
1 files changed, 10 insertions, 2 deletions
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index abebdd0c..05c09c65 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -61,8 +61,16 @@ static int perform_check(pam_handle_t *pamh)
     }
 
     pw = pam_modutil_getpwnam(pamh, userName);
-    if (pw == NULL || pw->pw_shell == NULL) {
-	return PAM_AUTH_ERR;		/* user doesn't exist */
+    if (pw == NULL) {
+	return PAM_USER_UNKNOWN;
+    }
+    if (pw->pw_shell == NULL) {
+	/* TODO: when does this happen? I would join it with
+	 * the case userShell[0] == '\0' below.
+	 *
+	 * For now, keep the existing stricter behaviour
+	 */
+	return PAM_AUTH_ERR;
     }
     userShell = pw->pw_shell;
     if (userShell[0] == '\0')
author	Jonathan Krebs <jonny@git2022.olpp.net>	2023-05-15 13:57:46 +0200
committer	Dmitry V. Levin <ldv@strace.io>	2023-05-17 20:18:03 +0000
commit	52e49e17acba24d2a1dd211bae857043c20931f7 (patch)
tree	84245e93f34fb2e168de81b1c453cb07c7fb6925 /modules/pam_shells/pam_shells.c
parent	e75e15c7eea15b3aa48026be209239179b747222 (diff)
download	linux-pam-git-master.tar.gz