On 08/09/2014 12:19, Dag-Erling Smørgrav wrote:
> Author: des
> Date: Mon Sep  8 09:19:01 2014
> New Revision: 271256
> URL: http://svnweb.freebsd.org/changeset/base/271256
> 
> Log:
>   Fail rather than segfault if neither PAM_TTY nor PAM_RHOST is set.
>   
>   PR:         83099
>   MFC after:  3 days

Thanks! But please see a line comment below.

> Modified:
>   head/lib/libpam/modules/pam_login_access/pam_login_access.c
> 
> Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c
> ==============================================================================
> --- head/lib/libpam/modules/pam_login_access/pam_login_access.c       Mon Sep 
>  8 09:16:07 2014        (r271255)
> +++ head/lib/libpam/modules/pam_login_access/pam_login_access.c       Mon Sep 
>  8 09:19:01 2014        (r271256)
> @@ -79,7 +79,14 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
>  
>       gethostname(hostname, sizeof hostname);
>  
> -     if (rhost == NULL || *(const char *)rhost == '\0') {
> +     if (rhost != NULL && *(const char *)rhost != '\0') {
> +             PAM_LOG("Checking login.access for user %s from host %s",
> +                 (const char *)user, (const char *)rhost);
> +             if (login_access(user, rhost) != 0)
> +                     return (PAM_SUCCESS);
> +             PAM_VERBOSE_ERROR("%s is not allowed to log in from %s",
> +                 user, rhost);
> +     } else if (tty != NULL || *(const char *)tty != '\0') {


I think that the operator should be && here as well.


>               PAM_LOG("Checking login.access for user %s on tty %s",
>                   (const char *)user, (const char *)tty);
>               if (login_access(user, tty) != 0)
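Review bot: The new if / else-if chain gives PAM_RHOST precedence over PAM_TTY, and nothing at the branch documents that ordering. When rhost is non-empty and login_access() rejects it, control leaves the chain without consulting tty, so a session that carries both items is judged on the remote host only. That looks intentional, but it is an access-control rule that a later edit could invert without anyone noticing. I would add a comment above the first test, for example `/* PAM_RHOST takes precedence: a remote login is matched on its origin host only, never on the tty */`. The body of pam_sm_acct_mgmt starts and ends outside this hunk, so how rhost and tty are obtained is not visible here.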
> @@ -87,12 +94,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
>               PAM_VERBOSE_ERROR("%s is not allowed to log in on %s",
>                   user, tty);
>       } else {
> -             PAM_LOG("Checking login.access for user %s from host %s",
> -                 (const char *)user, (const char *)rhost);
> -             if (login_access(user, rhost) != 0)
> -                     return (PAM_SUCCESS);
> -             PAM_VERBOSE_ERROR("%s is not allowed to log in from %s",
> -                 user, rhost);
> +             PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required");
> +             return (PAM_AUTHINFO_UNAVAIL);
>       }
>  
>       return (PAM_AUTH_ERR);
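Review bot: The new else branch returns PAM_AUTHINFO_UNAVAIL from an account-management hook; as far as I know that code is documented for the authentication primitive and is not among the values pam_sm_acct_mgmt is expected to return. The module still reports failure, so the decision is not weakened. The code does read as a backend outage rather than missing request data, though, and may be treated as an unexpected module result by the framework or by anyone triaging logs. Consider `return (PAM_SERVICE_ERR);`, or drop the early return so the branch falls through to the existing `return (PAM_AUTH_ERR);`, and confirm the choice against the pam_sm_acct_mgmt manual page. The function continues outside the hunk.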
> 


-- 
Andriy Gapon