d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Instead of failing when neither PAM_TTY nor PAM_RHOST are available, call

Browse Source 
login_access() with "**unknown**" as the second argument.  This will allow
"ALL" rules to match.

Reported by:	Tim Daneliuk <tundra@tundraware.com>
Tested by:	dim@
PR:		83099 193927
MFC after:	3 days
This commit is contained in:
des 2014-09-29 08:57:36 +00:00
parent 6ad59c5594
commit cb586e6a88
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/libpam/modules/pam_login_access/pam_login_access.c
View File

@ -94,8 +94,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
PAM_VERBOSE_ERROR("%s is not allowed to log in on %s",
user, tty);
} else {
PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required");
return (PAM_AUTHINFO_UNAVAIL);
PAM_LOG("Checking login.access for user %s", user);
if (login_access(user, "***unknown***") != 0)
return (PAM_SUCCESS);
PAM_VERBOSE_ERROR("%s is not allowed to log in", user);
}
return (PAM_AUTH_ERR);