From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 11 Oct 2010 12:55:31 +0000 (-0400)
Subject: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful
X-Git-Tag: SUDO_1_7_5~131
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b6580ba1db2a2a7b2ab3c7bf5c37815cf8bd1717;p=sudo

If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful
message and return AUTH_FATAL so sudo does not keep trying to validate
the user.

--HG--
branch : 1.7
---

diff --git a/auth/pam.c b/auth/pam.c
index ca2ef1069..c2a5b3e38 100644
--- a/auth/pam.c
+++ b/auth/pam.c
@@ -147,9 +147,9 @@ pam_verify(pw, prompt, auth)
 		case PAM_SUCCESS:
 		    return(AUTH_SUCCESS);
 		case PAM_AUTH_ERR:
-		    log_error(NO_EXIT|NO_MAIL, "pam_acct_mgmt: %d",
-			*pam_status);
-		    return(AUTH_FAILURE);
+		    log_error(NO_EXIT|NO_MAIL,
+			"account validation failure, is your account locked?");
+		    return(AUTH_FATAL);
 		case PAM_NEW_AUTHTOK_REQD:
 		    log_error(NO_EXIT|NO_MAIL, "%s, %s",
 			"Account or password is expired",