- Don't log uninitialized username if PAM_OPT_AUTH_AS_SELF set
- Root uid check logic inverted
-- Luke
--- /Network/Servers/lennie/Volumes/u/Users/lukeh/CVSRoot/freebsd/src/lib/libpam/modules/pam_wheel/pam_wheel.c Sat Aug 4 19:19:31 2001
+++ pam_wheel.c Fri Aug 10 01:14:16 2001
@@ -39,7 +39,11 @@
#define PAM_SM_AUTH
#include <security/pam_modules.h>
#include <pam_mod_misc.h>
enum { PAM_OPT_DENY=PAM_OPT_STD_MAX, PAM_OPT_GROUP, PAM_OPT_TRUST,
PAM_OPT_AUTH_AS_SELF };
@@ -76,19 +80,24 @@
PAM_LOG("Options processed");
- if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL))
- pwd = getpwnam(getlogin());
- else {
+ if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
+ user = getlogin();
+ } else {
retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS)
+ if (retval != PAM_SUCCESS) {
PAM_RETURN(retval);
- pwd = getpwnam(user);
+ }
}
PAM_LOG("Got user: %s", user);
+ pwd = getpwnam(user);
+ if (pwd == NULL) {
+ PAM_RETURN(PAM_USER_UNKNOWN);
+ }
+
/* Ignore if already uid 0 */
- if (pwd->pw_uid)
+ if (pwd->pw_uid == 0)
PAM_RETURN(PAM_IGNORE);
PAM_LOG("Not superuser");
--
Luke Howard | lukehoward.com
PADL Software | www.padl.com
