Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from

pam_acct_mgmt() if authentication is disabled for the user.
Bug #843
Todd C. Miller
2018-07-26 12:31:29 -06:00
parent dc1e0e7168
commit 394524fd5d
6 changed files with 19 additions and 9 deletions


@@ -168,7 +168,7 @@ sudo_auth_init(struct passwd *pw)
* Returns true on success, false on failure and -1 on error.
*/
int
sudo_auth_approval(struct passwd *pw, int validated)
sudo_auth_approval(struct passwd *pw, int validated, bool exempt)
{
sudo_auth *auth;
debug_decl(sudo_auth_approval, SUDOERS_DEBUG_AUTH)
@@ -176,7 +176,7 @@ sudo_auth_approval(struct passwd *pw, int validated)
/* Call approval routines. */
for (auth = auth_switch; auth->name; auth++) {
if (auth->approval && !IS_DISABLED(auth)) {
int status = (auth->approval)(pw, auth);
int status = (auth->approval)(pw, auth, exempt);
if (status != AUTH_SUCCESS) {
/* Assume error msg already printed. */
log_auth_failure(validated, 0);
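Review bot: The comment above sudo_auth_approval() still describes only the return values and says nothing about the new `exempt` argument, which is now handed to every `auth->approval` callback in the loop. According to the commit message this flag causes PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED to be ignored, so the contract should be stated where callers decide what to pass, for example `* If exempt is true the user is not required to authenticate; approval methods may ignore password-expiry errors but must still reject any other account failure.` The approval backends are outside this section, so whether they limit the exemption to those two codes cannot be confirmed from here. The function body continues past the end of the second hunk.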