From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Tue, 23 Nov 1999 18:27:00 +0000 (+0000)
Subject: make pam errors other than PAM_PERM_DENIED fatal
X-Git-Tag: SUDO_1_6_1~23
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1c5e61db4b4e2645c734a6999ff1186ad7bfe3c6;p=sudo

make pam errors other than PAM_PERM_DENIED fatal
---

diff --git a/auth/pam.c b/auth/pam.c
index 3cdb218ae..cdc9bfb78 100644
--- a/auth/pam.c
+++ b/auth/pam.c
@@ -100,9 +100,10 @@ pam_verify(pw, prompt, auth)
     if ((error = pam_authenticate(pamh, PAM_SILENT)) == PAM_SUCCESS)
 	return(AUTH_SUCCESS);
 
-    if (error != PAM_PERM_DENIED) {
-	if ((s = pam_strerror(pamh, error)))
-	    log_error(NO_EXIT|NO_MAIL, "pam_authenticate: %s\n", s);
+    /* Any error other than PAM_PERM_DENIED may indicate a config problem. */
+    if (error != PAM_PERM_DENIED && (s = pam_strerror(pamh, error))) {
+	log_error(NO_EXIT|NO_MAIL, "pam_authenticate: %s\n", s);
+	return(AUTH_FATAL);
     }
     return(AUTH_FAILURE);
 }