When root tries to su to a non-existent user, pam_authenticate() will

normally succeed (because root can su to anyone), but pam_acct_mgmt() will most likely fail, causing su to log a confusing "pam_acct_mgmt: error in service module" message. To avoid this, call getpwnam() before pam_acct_mgmt(). Sponsored by: registrar.no
author: des <des@FreeBSD.org> 2004-01-06 09:47:24 +0000
committer: des <des@FreeBSD.org> 2004-01-06 09:47:24 +0000
commit: 77da48ef10288d0fa66b5cf39c619d85bfabc975 (patch)
tree: f0e070a00451ee52ace5530283071a264b342e67 /usr.bin
parent: 7452e76589c3544aeda69ca97dfcbd139dc08c09 (diff)
download: FreeBSD-src-77da48ef10288d0fa66b5cf39c619d85bfabc975.zip
FreeBSD-src-77da48ef10288d0fa66b5cf39c619d85bfabc975.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index b70e994..e3c193f 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -254,6 +254,9 @@ main(int argc, char *argv[])
 	else
 		syslog(LOG_ERR, "pam_get_item(PAM_USER): %s",
 		    pam_strerror(pamh, retcode));
+	pwd = getpwnam(user);
+	if (pwd == NULL)
+		errx(1, "unknown login: %s", user);
 
 	retcode = pam_acct_mgmt(pamh, 0);
 	if (retcode == PAM_NEW_AUTHTOK_REQD) {
@@ -271,10 +274,7 @@ main(int argc, char *argv[])
 		errx(1, "Sorry");
 	}
 
-	/* get target login information, default to root */
-	pwd = getpwnam(user);
-	if (pwd == NULL)
-		errx(1, "unknown login: %s", user);
+	/* get target login information */
 	if (class == NULL)
 		lc = login_getpwclass(pwd);
 	else {
author	des <des@FreeBSD.org>	2004-01-06 09:47:24 +0000
committer	des <des@FreeBSD.org>	2004-01-06 09:47:24 +0000
commit	77da48ef10288d0fa66b5cf39c619d85bfabc975 (patch)
tree	f0e070a00451ee52ace5530283071a264b342e67 /usr.bin
parent	7452e76589c3544aeda69ca97dfcbd139dc08c09 (diff)
download	FreeBSD-src-77da48ef10288d0fa66b5cf39c619d85bfabc975.zip FreeBSD-src-77da48ef10288d0fa66b5cf39c619d85bfabc975.tar.gz