svn commit: r271256 - head/lib/libpam/modules/pam_login_access
Andriy Gapon
avg at FreeBSD.org
Sun Sep 14 07:13:49 UTC 2014
On 08/09/2014 12:19, Dag-Erling Smørgrav wrote:
> Author: des
> Date: Mon Sep 8 09:19:01 2014
> New Revision: 271256
> URL: http://svnweb.freebsd.org/changeset/base/271256
>
> Log:
> Fail rather than segfault if neither PAM_TTY nor PAM_RHOST is set.
>
> PR: 83099
> MFC after: 3 days
Thanks! But please see a line comment below.
> Modified:
> head/lib/libpam/modules/pam_login_access/pam_login_access.c
>
> Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c
> ==============================================================================
> --- head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 8 09:16:07 2014 (r271255)
> +++ head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 8 09:19:01 2014 (r271256)
> @@ -79,7 +79,14 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
>
> gethostname(hostname, sizeof hostname);
>
> - if (rhost == NULL || *(const char *)rhost == '\0') {
> + if (rhost != NULL && *(const char *)rhost != '\0') {
> + PAM_LOG("Checking login.access for user %s from host %s",
> + (const char *)user, (const char *)rhost);
> + if (login_access(user, rhost) != 0)
> + return (PAM_SUCCESS);
> + PAM_VERBOSE_ERROR("%s is not allowed to log in from %s",
> + user, rhost);
> + } else if (tty != NULL || *(const char *)tty != '\0') {
I think that the operator should be && here as well.
> PAM_LOG("Checking login.access for user %s on tty %s",
> (const char *)user, (const char *)tty);
> if (login_access(user, tty) != 0)
> @@ -87,12 +94,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
> PAM_VERBOSE_ERROR("%s is not allowed to log in on %s",
> user, tty);
> } else {
> - PAM_LOG("Checking login.access for user %s from host %s",
> - (const char *)user, (const char *)rhost);
> - if (login_access(user, rhost) != 0)
> - return (PAM_SUCCESS);
> - PAM_VERBOSE_ERROR("%s is not allowed to log in from %s",
> - user, rhost);
> + PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required");
> + return (PAM_AUTHINFO_UNAVAIL);
> }
>
> return (PAM_AUTH_ERR);
>
--
Andriy Gapon
More information about the svn-src-all
mailing list