From: Tomas Mraz Date: Tue, 4 Jan 2005 08:42:42 +0000 (+0000) Subject: Relevant BUGIDs: Red Hat bz 120694 X-Git-Tag: Linux-PAM-0-79~25 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9390445e42cb9365ef2618d1e9db3fe0fd96f6b6;p=linux-pam Relevant BUGIDs: Red Hat bz 120694 Purpose of commit: bugfix Commit summary: --------------- skip logging of 'user unknown' authentication failure if the user has passwd entry --- diff --git a/CHANGELOG b/CHANGELOG index d44bf77d..48029a88 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -62,7 +62,8 @@ BerliOS Bugs are marked with (BerliOS #XXXX). 0.79: please submit patches for this section with actual code/doc patches! - +* pam_unix: don't log user unknown failure when he can be properly + authenticated by another module 0.78: Do Nov 18 14:48:36 CET 2004 diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 5138a875..cf01e3c2 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -698,6 +698,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } else { D(("user's record unavailable")); + p = NULL; + retval = PAM_AUTHINFO_UNAVAIL; if (on(UNIX_AUDIT, ctrl)) { /* this might be a typo and the user has given a password instead of a username. Careful with this. */ @@ -705,11 +707,14 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name "check pass; user (%s) unknown", name); } else { name = NULL; - _log_err(LOG_ALERT, pamh, - "check pass; user unknown"); + if (on(UNIX_DEBUG, ctrl) || pwd == NULL) { + _log_err(LOG_ALERT, pamh, + "check pass; user unknown"); + } else { + /* don't log failure as another pam module can succeed */ + goto cleanup; + } } - p = NULL; - retval = PAM_AUTHINFO_UNAVAIL; } } else { int salt_len = strlen(salt); @@ -831,6 +836,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } +cleanup: if (data_name) _pam_delete(data_name); if (salt)