Background: recently des tried to fix the problem that OPIE does not sense
localhost when called from PAM, but did it incorrectly. Moreover, he
tried to fix the OPIE config instead of fixing the PAM bug: PAM does not
follow the OPIE API.

In a non-PAM environment OPIE always senses localhost because its host
variable always has the "" value indicating localhost. Now PAM tries to break
this, sending the "localhost" string to OPIE instead of the "" string. Because of
that OPIE stops sensing localhost, and des tries to fix the OPIE config to add
additional things here that are not needed by a standard OPIE setup at all.

Note that passing anything other than "" for localhost to OPIE is not
supported by the OPIE API and is illegal. I mean the NULL or "localhost" values now
passed by PAM.
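To make the localhost convention described above concrete, here is an added example (not from this e-mail, OPIE or FreeBSD) that models the rule search with a constructed table and compares the old and patched PAM mapping of PAM_RHOST; opie_access_model(), old_pam_rhost() and new_pam_rhost() are hypothetical names, and the netmask handling of real opieaccess rules is omitted.

```c
/* Added example, not from the e-mail or from OPIE/FreeBSD sources: a
 * constructed model of OPIE's localhost convention. opie_access_model()
 * stands in for opieaccessfile(): an empty host string means "local login"
 * and is permitted before any rule is consulted; anything else must match a
 * permit rule, and the default action is "deny", as opieaccess(5) describes. */
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct rule { int permit; const char *addr; };

/* Constructed rule table. Real rules carry a netmask; this model does exact
 * matches only. There is deliberately no entry for 127.0.0.1 or "localhost". */
static const struct rule rules[] = {
    { 1, "10.0.0.5" },   /* hypothetical permit for one remote host */
};

/* Model of opieaccessfile(): 1 = permit (UNIX password allowed), 0 = deny.
 * "" is OPIE's marker for localhost and short-circuits the rule search. */
int opie_access_model(const char *host)
{
    if (host[0] == '\0')
        return 1;                      /* local login, no rule lookup */
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (strcmp(host, rules[i].addr) == 0)
            return rules[i].permit;
    return 0;                          /* default action is "deny" */
}

/* The old pam_opieaccess behaviour: a NULL PAM_RHOST becomes "localhost",
 * which is then searched like any remote host name. */
const char *old_pam_rhost(const char *rhost)
{
    return rhost == NULL ? "localhost" : rhost;
}

/* The patched behaviour: NULL or "localhost" becomes "", as OPIE expects. */
const char *new_pam_rhost(const char *rhost)
{
    return (rhost == NULL || strcasecmp(rhost, "localhost") == 0) ? "" : rhost;
}

int main(void)
{
    /* Local login with no rhost: denied under the old mapping, permitted now. */
    printf("old mapping, local login: %d\n", opie_access_model(old_pam_rhost(NULL)));
    printf("new mapping, local login: %d\n", opie_access_model(new_pam_rhost(NULL)));
    return 0;
}
```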

Here is the real fix for this problem, for review. It includes backing out the
incorrect /etc/opieaccess change.

--- opieaccess.bak      Sun Feb 16 04:25:20 2003
+++ opieaccess  Sun Feb 16 04:27:04 2003
@@ -3,11 +3,10 @@
 # This file controls whether UNIX passwords are to be permitted.  Rules
 # are matched in order, and the search terminates when the first matching
 # rule has been found. Default action is "deny". See opieaccess(5) for
-# more information.
+# more information. Local host is already permitted by default.
 #
 # Each rule has the form:
 #
 #       permit address netmask
 #       deny address netmask
 #
-permit 127.0.0.1 255.255.255.255
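Review bot: dropping the `permit 127.0.0.1 255.255.255.255` rule is only safe if the pam_opieaccess.c change below lands at the same time; until then a NULL PAM_RHOST is still turned into "localhost", no remaining rule matches it, and the file header's stated default of "deny" applies to every local login. Please commit both files together (or the config change second), and consider saying in the new comment that "permitted by default" depends on the caller passing "" for local logins, as the OPIE API requires.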
--- pam_opieaccess.c.bak        Sun Feb 16 02:26:49 2003
+++ pam_opieaccess.c    Sun Feb 16 03:32:57 2003
@@ -42,6 +42,7 @@
 #include <sys/types.h>
 #include <opie.h>
 #include <pwd.h>
+#include <strings.h>
 #include <unistd.h>
 #include <syslog.h>
 
@@ -73,8 +74,8 @@
        r = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost);
        if (r != PAM_SUCCESS)
                return (r);
-       if (rhost == NULL)
-               rhost = "localhost";
+       if (rhost == NULL || strcasecmp(rhost, "localhost") == 0)
+               rhost = "";
 
        if (opieaccessfile(rhost) != 0 && opiealways(pwent->pw_dir) != 0)
                return (PAM_SUCCESS);
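Review bot: the new condition maps only NULL and the literal "localhost" to "", so a caller that sets PAM_RHOST to the numeric loopback address (the 127.0.0.1 that the opieaccess hunk stops permitting) would still be handed to opieaccessfile() as a remote host and fall to the default deny; either cover that form here as well or state that it is not treated as local. A one-line comment above the check explaining that "" is the OPIE API's marker for a local login would also help the next reader, since the reason for the change is otherwise only in this mail.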

-- 
Andrey A. Chernov
http://ache.pp.ru/
