From 940a7da9d162d1363b7ca5d050f86556cd5762a0 Mon Sep 17 00:00:00 2001
From: ysf <34326+ysf@users.noreply.github.com>
Date: Tue, 8 Mar 2022 13:02:01 +0100
Subject: [PATCH] security: fix improper PAM authorization handling (#6819)
Co-authored-by: Joe Chen
---
CHANGELOG.md | 1 +
internal/auth/pam/pam.go | 8 ++++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1a1a4def7..59bc75c91 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,7 @@ All notable changes to Gogs are documented in this file.
 ### Fixed
 - _Security:_ Potential SSRF in repository migration. [#6754](https://github.com/gogs/gogs/issues/6754)
+- _Security:_ Improper PAM authorization handling. [#6810](https://github.com/gogs/gogs/issues/6810)
 - Unable to use LDAP authentication on ARM machines. [#6761](https://github.com/gogs/gogs/issues/6761)
 ### Removed
diff --git a/internal/auth/pam/pam.go b/internal/auth/pam/pam.go
index 0777bf7c2..cbd3500d6 100644
--- a/internal/auth/pam/pam.go
+++ b/internal/auth/pam/pam.go
@@ -25,6 +25,10 @@ func (c *Config) doAuth(login, password string) error {
 if err != nil {
 return err
 }
-
- return t.Authenticate(0)
+
+ err = t.Authenticate(0)
+ if err != nil {
+ return err
+ }
+ return t.AcctMgmt(0)
 }
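Review bot: The `t.AcctMgmt(0)` call at the end of `doAuth` is the whole security fix but carries no comment, so a later cleanup could fold it back into `return t.Authenticate(0)`; I would add `// Authenticate only verifies credentials; AcctMgmt enforces account validity (expired, locked or access-restricted accounts).` above it. Both failures are also returned unwrapped, so the caller cannot tell a wrong password from a correct password on a disabled account. If audit logging needs that distinction, each error could be wrapped with `%w`; and if the error text can reach the client, it is worth confirming that both cases map to the same generic login failure so the response does not confirm a valid password. `doAuth` begins outside the hunk, so how `t` is created and how its caller handles the returned error are not visible here.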