bin/107612: pam_nologin(8) ignore the login class capability
nologin except default class.
TANAKA Hiroyuki
kattyo at abk.nu
Sat Jan 6 03:50:21 PST 2007
>Number: 107612
>Category: bin
>Synopsis: pam_nologin(8) ignore the login class capability nologin except default class.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 06 11:50:20 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: TANAKA Hiroyuki
>Release: 6.2-RC1
>Organization:
>Environment:
FreeBSD tachikoma 6.2-RC1 FreeBSD 6.2-RC1 #0: Thu Nov 16 05:12:08 UTC 2006 root at opus.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP i386
>Description:
The pam_nologin module only uses the "default" entry in the /etc/login.conf database.
I want to use login classes for local users to control nologin with specific PAM entries.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
--- pam_nologin.c.org Sat Apr 13 07:27:21 2002
+++ pam_nologin.c Sat Jan 6 20:18:32 2007
@@ -73,7 +73,11 @@
PAM_LOG("Got user: %s", user);
- lc = login_getclass(NULL);
+ pwd = getpwnam(user);
+ if (pwd && pwd->pw_uid == 0)
+ retval = PAM_SUCCESS;
+
+ lc = login_getpwclass(pwd);
nologin = login_getcapstr(lc, "nologin", nologin_def, nologin_def);
login_close(lc);
lc = NULL;
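Review bot: pwd is passed to login_getpwclass() on the added line without a NULL check, although getpwnam(user) returns NULL for an unknown user (the second hunk still tests `if (!pwd)`). Either return PAM_USER_UNKNOWN before the class lookup, or add a comment stating that falling back to the default class for a NULL pwd is intended. Note also that the uid 0 test only assigns retval = PAM_SUCCESS and nothing returns or branches on it here, so the exemption holds only if no later statement reassigns retval.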
@@ -84,15 +88,10 @@
PAM_LOG("Opened %s file", NOLOGIN);
- pwd = getpwnam(user);
- if (pwd && pwd->pw_uid == 0)
- retval = PAM_SUCCESS;
- else {
- if (!pwd)
- retval = PAM_USER_UNKNOWN;
- else
- retval = PAM_AUTH_ERR;
- }
+ if (!pwd)
+ retval = PAM_USER_UNKNOWN;
+ else
+ retval = PAM_AUTH_ERR;
if (fstat(fd, &st) < 0)
return (retval);
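Review bot: the replacement `if (!pwd) ... else retval = PAM_AUTH_ERR;` assigns retval for every non-NULL pwd, uid 0 included, so it overwrites the PAM_SUCCESS that the first hunk set for root. Once the nologin file has been opened, root would be refused, which the removed if/else avoided. Keep the uid 0 test in this chain (for example, skip the reassignment when pwd->pw_uid == 0) so the root exemption survives moving getpwnam() earlier.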
>Release-Note:
>Audit-Trail:
>Unformatted: