svn commit: r272280 - head/lib/libpam/modules/pam_login_access
Dag-Erling Smørgrav
des at FreeBSD.org
Mon Sep 29 08:57:36 UTC 2014
Author: des
Date: Mon Sep 29 08:57:36 2014
New Revision: 272280
URL: http://svnweb.freebsd.org/changeset/base/272280
Log:
Instead of failing when neither PAM_TTY nor PAM_RHOST are available, call
login_access() with "**unknown**" as the second argument. This will allow
"ALL" rules to match.
Reported by: Tim Daneliuk <tundra at tundraware.com>
Tested by: dim@
PR: 83099 193927
MFC after: 3 days
Modified:
head/lib/libpam/modules/pam_login_access/pam_login_access.c
Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c
==============================================================================
--- head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 29 01:17:42 2014 (r272279)
+++ head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 29 08:57:36 2014 (r272280)
@@ -94,8 +94,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
PAM_VERBOSE_ERROR("%s is not allowed to log in on %s",
user, tty);
} else {
- PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required");
- return (PAM_AUTHINFO_UNAVAIL);
+ PAM_LOG("Checking login.access for user %s", user);
+ if (login_access(user, "***unknown***") != 0)
+ return (PAM_SUCCESS);
+ PAM_VERBOSE_ERROR("%s is not allowed to log in", user);
}
return (PAM_AUTH_ERR);
More information about the svn-src-all
mailing list