Relevant BUGIDs: 872943

Purpose of commit: bugfix

Commit summary:
---------------

Fix return value for unknown user (This is PAM_USER_UNKNOWN and
not PAM_AUTHINFO_UNAVAIL).

diff --git a/CHANGELOG b/CHANGELOG
index 9d0d6a3cfe141593e3bc18ac695dc464b0eba0ac..a31f576013ccd8e1d1c08edfe639330f1ca2a864 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -66,8 +66,10 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
   authenticated by another module (t8m)
 * configure: don't abort if no cracklib dictinaries were found, but
   warn user that pam_cracklib will not be built (kukuk)
-* modules/pam_unix/support.c: Fix return value, if user aborts while
+* modules/pam_unix/support.c: Fix return value if user aborts while
   changes the password (Bug 872945 - kukuk)
+* modules/pam_unix/support.c: Fix return value for an unknown user
+  (Bug 872943 - kukuk)
 * pam_limits: support for new Linux kernel 2.6 limits (from toby cabot
   - t8m)
 * pam_tally: major rewrite of the module (t8m)

diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 8411488471c63d4af603b9101065012fe8a3a261..a9df0c5feb855daaf57d2161a118c739a7b14ea3 100644 (file)
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -699,7 +699,10 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
                } else {
                        D(("user's record unavailable"));
                        p = NULL;
-                       retval = PAM_AUTHINFO_UNAVAIL;
+                       if (pwd == NULL)
+                               retval = PAM_USER_UNKNOWN;
+                       else
+                               retval = PAM_AUTHINFO_UNAVAIL;
                        if (on(UNIX_AUDIT, ctrl)) {
                                /* this might be a typo and the user has given a password
                                   instead of a username. Careful with this. */