svn commit: r271256 - head/lib/libpam/modules/pam_login_access

Andriy Gapon avg at FreeBSD.org
Sun Sep 14 07:13:49 UTC 2014 

On 08/09/2014 12:19, Dag-Erling Smørgrav wrote:
> Author: des
> Date: Mon Sep  8 09:19:01 2014
> New Revision: 271256
> URL: http://svnweb.freebsd.org/changeset/base/271256
> 
> Log:
>   Fail rather than segfault if neither PAM_TTY nor PAM_RHOST is set.
>   
>   PR:		83099
>   MFC after:	3 days

Thanks! But please see a line comment below.

> Modified:
>   head/lib/libpam/modules/pam_login_access/pam_login_access.c
> 
> Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c
> ==============================================================================
> --- head/lib/libpam/modules/pam_login_access/pam_login_access.c	Mon Sep  8 09:16:07 2014	(r271255)
> +++ head/lib/libpam/modules/pam_login_access/pam_login_access.c	Mon Sep  8 09:19:01 2014	(r271256)
> @@ -79,7 +79,14 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
>  
>  	gethostname(hostname, sizeof hostname);
>  
> -	if (rhost == NULL || *(const char *)rhost == '\0') {
> +	if (rhost != NULL && *(const char *)rhost != '\0') {
> +		PAM_LOG("Checking login.access for user %s from host %s",
> +		    (const char *)user, (const char *)rhost);
> +		if (login_access(user, rhost) != 0)
> +			return (PAM_SUCCESS);
> +		PAM_VERBOSE_ERROR("%s is not allowed to log in from %s",
> +		    user, rhost);
> +	} else if (tty != NULL || *(const char *)tty != '\0') {


I think that the operator should be && here as well.


>  		PAM_LOG("Checking login.access for user %s on tty %s",
>  		    (const char *)user, (const char *)tty);
>  		if (login_access(user, tty) != 0)
> @@ -87,12 +94,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
>  		PAM_VERBOSE_ERROR("%s is not allowed to log in on %s",
>  		    user, tty);
>  	} else {
> -		PAM_LOG("Checking login.access for user %s from host %s",
> -		    (const char *)user, (const char *)rhost);
> -		if (login_access(user, rhost) != 0)
> -			return (PAM_SUCCESS);
> -		PAM_VERBOSE_ERROR("%s is not allowed to log in from %s",
> -		    user, rhost);
> +		PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required");
> +		return (PAM_AUTHINFO_UNAVAIL);
>  	}
>  
>  	return (PAM_AUTH_ERR);
> 


-- 
Andriy Gapon

More information about the svn-src-all mailing list