On 08/09/2014 12:19, Dag-Erling Smørgrav wrote: > Author: des > Date: Mon Sep 8 09:19:01 2014 > New Revision: 271256 > URL: http://svnweb.freebsd.org/changeset/base/271256 > > Log: > Fail rather than segfault if neither PAM_TTY nor PAM_RHOST is set. > > PR: 83099 > MFC after: 3 days
Thanks! But please see a line comment below. > Modified: > head/lib/libpam/modules/pam_login_access/pam_login_access.c > > Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c > ============================================================================== > --- head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep > 8 09:16:07 2014 (r271255) > +++ head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep > 8 09:19:01 2014 (r271256) > @@ -79,7 +79,14 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int > > gethostname(hostname, sizeof hostname); > > - if (rhost == NULL || *(const char *)rhost == '\0') { > + if (rhost != NULL && *(const char *)rhost != '\0') { > + PAM_LOG("Checking login.access for user %s from host %s", > + (const char *)user, (const char *)rhost); > + if (login_access(user, rhost) != 0) > + return (PAM_SUCCESS); > + PAM_VERBOSE_ERROR("%s is not allowed to log in from %s", > + user, rhost); > + } else if (tty != NULL || *(const char *)tty != '\0') { I think that the operator should be && here as well. > PAM_LOG("Checking login.access for user %s on tty %s", > (const char *)user, (const char *)tty); > if (login_access(user, tty) != 0) > @@ -87,12 +94,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int > PAM_VERBOSE_ERROR("%s is not allowed to log in on %s", > user, tty); > } else { > - PAM_LOG("Checking login.access for user %s from host %s", > - (const char *)user, (const char *)rhost); > - if (login_access(user, rhost) != 0) > - return (PAM_SUCCESS); > - PAM_VERBOSE_ERROR("%s is not allowed to log in from %s", > - user, rhost); > + PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required"); > + return (PAM_AUTHINFO_UNAVAIL); > } > > return (PAM_AUTH_ERR); > -- Andriy Gapon _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"