-rw-r--r--modules/pam_shells/pam_shells.8.xml8
-rw-r--r--modules/pam_shells/pam_shells.c12
2 files changed, 18 insertions, 2 deletions
diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml
index b9f90e94..e1b35a3e 100644
--- a/modules/pam_shells/pam_shells.8.xml
+++ b/modules/pam_shells/pam_shells.8.xml
@@ -75,6 +75,14 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>
+ The user does not exist or the user's login shell could not be determined.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>PAM_SERVICE_ERR</term>
<listitem>
<para>
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index abebdd0c..05c09c65 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -61,8 +61,16 @@ static int perform_check(pam_handle_t *pamh)
}
pw = pam_modutil_getpwnam(pamh, userName);
- if (pw == NULL || pw->pw_shell == NULL) {
- return PAM_AUTH_ERR; /* user doesn't exist */
+ if (pw == NULL) {
+ return PAM_USER_UNKNOWN;
+ }
+ if (pw->pw_shell == NULL) {
+ /* TODO: when does this happen? I would join it with
+ * the case userShell[0] == '\0' below.
+ *
+ * For now, keep the existing stricter behaviour
+ */
+ return PAM_AUTH_ERR;
}
userShell = pw->pw_shell;
if (userShell[0] == '\0')
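Review bot: The new `return PAM_USER_UNKNOWN;` on the `pw == NULL` branch changes the result the PAM stack sees for a nonexistent account, and nothing on that branch explains the consequence. A stack that uses a bracketed control such as `[user_unknown=ignore ...]` would now ignore this module's verdict for unknown users where it previously got PAM_AUTH_ERR. A calling application that reports the two codes differently would also reveal whether an account exists. I would add a comment there, e.g. `/* no passwd entry: distinct from a rejected shell; services must not surface this difference to the client */`. I would also resolve the TODO on the `pw->pw_shell == NULL` branch before merging, rather than leave an open question in an access-control path. perform_check begins before and continues past this hunk, so how the empty-shell case after `userShell[0] == '\0'` is handled cannot be checked from here.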