]> granicus.if.org Git - sudo/commitdiff
projects / sudo / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a87dfc7)
If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful
authorTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 11 Oct 2010 12:55:31 +0000 (08:55 -0400)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 11 Oct 2010 12:55:31 +0000 (08:55 -0400)
message and return AUTH_FATAL so sudo does not keep trying to validate
the user.

--HG--
branch : 1.7

auth/pam.c patch | blob | history

diff --git a/auth/pam.c b/auth/pam.c
index ca2ef10695754e0c49c4610ed2f67567b6b92e0e..c2a5b3e38af2f9e0115fbe645401652e9d68e426 100644 (file)
--- a/auth/pam.c
+++ b/auth/pam.c
@@ -147,9 +147,9 @@ pam_verify(pw, prompt, auth)
                case PAM_SUCCESS:
                    return(AUTH_SUCCESS);
                case PAM_AUTH_ERR:
-                   log_error(NO_EXIT|NO_MAIL, "pam_acct_mgmt: %d",
-                       *pam_status);
-                   return(AUTH_FAILURE);
+                   log_error(NO_EXIT|NO_MAIL,
+                       "account validation failure, is your account locked?");
+                   return(AUTH_FATAL);
                case PAM_NEW_AUTHTOK_REQD:
                    log_error(NO_EXIT|NO_MAIL, "%s, %s",
                        "Account or password is expired",
Unnamed repository; edit this file 'description' to name the repository.