diff options
author | des <des@FreeBSD.org> | 2004-01-06 09:47:24 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2004-01-06 09:47:24 +0000 |
commit | 77da48ef10288d0fa66b5cf39c619d85bfabc975 (patch) | |
tree | f0e070a00451ee52ace5530283071a264b342e67 /usr.bin | |
parent | 7452e76589c3544aeda69ca97dfcbd139dc08c09 (diff) | |
download | FreeBSD-src-77da48ef10288d0fa66b5cf39c619d85bfabc975.zip FreeBSD-src-77da48ef10288d0fa66b5cf39c619d85bfabc975.tar.gz |
When root tries to su to a non-existent user, pam_authenticate() will
normally succeed (because root can su to anyone), but pam_acct_mgmt()
will most likely fail, causing su to log a confusing "pam_acct_mgmt:
error in service module" message. To avoid this, call getpwnam()
before pam_acct_mgmt().
Sponsored by: registrar.no
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/su/su.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index b70e994..e3c193f 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -254,6 +254,9 @@ main(int argc, char *argv[]) else syslog(LOG_ERR, "pam_get_item(PAM_USER): %s", pam_strerror(pamh, retcode)); + pwd = getpwnam(user); + if (pwd == NULL) + errx(1, "unknown login: %s", user); retcode = pam_acct_mgmt(pamh, 0); if (retcode == PAM_NEW_AUTHTOK_REQD) { @@ -271,10 +274,7 @@ main(int argc, char *argv[]) errx(1, "Sorry"); } - /* get target login information, default to root */ - pwd = getpwnam(user); - if (pwd == NULL) - errx(1, "unknown login: %s", user); + /* get target login information */ if (class == NULL) lc = login_getpwclass(pwd); else { |