Message-Id: <200701061147.l06BlFdV005332@www.freebsd.org>
Date: Sat, 6 Jan 2007 11:47:15 GMT
From: TANAKA Hiroyuki
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/107612: pam_nologin(8) ignore the login class capability nologin except default class.

>Number: 107612
>Category: bin
>Synopsis: pam_nologin(8) ignore the login class capability nologin except default class.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 06 11:50:20 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: TANAKA Hiroyuki
>Release: 6.2-RC1
>Organization:
>Environment:
FreeBSD tachikoma 6.2-RC1 FreeBSD 6.2-RC1 #0: Thu Nov 16 05:12:08 UTC 2006 root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP i386
>Description:
The pam_nologin module only uses the "default" entry in the /etc/login.conf database. I want to use a login class for local users to control nologin with specific pam entries.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
--- pam_nologin.c.org Sat Apr 13 07:27:21 2002 +++ pam_nologin.c Sat Jan 6 20:18:32 2007 @@ -73,7 +73,11 @@ PAM_LOG("Got user: %s", user); - lc = login_getclass(NULL); + pwd = getpwnam(user); + if (pwd && pwd->pw_uid == 0) + retval = PAM_SUCCESS; + + lc = login_getpwclass(pwd); nologin = login_getcapstr(lc, "nologin", nologin_def, nologin_def); login_close(lc); lc = NULL; 
@@ -84,15 +88,10 @@ PAM_LOG("Opened %s file", NOLOGIN); - pwd = getpwnam(user); - if (pwd && pwd->pw_uid == 0) - retval = PAM_SUCCESS; - else { - if (!pwd) - retval = PAM_USER_UNKNOWN; - else - retval = PAM_AUTH_ERR; - } + if (!pwd) + retval = PAM_USER_UNKNOWN; + else + retval = PAM_AUTH_ERR; if (fstat(fd, &st) < 0) return (retval); >Release-Note: >Audit-Trail: >Unformatted:
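Review bot: In the @@ -73,7 +73,11 @@ hunk, pwd goes into login_getpwclass(pwd) before anything has checked it for NULL, and getpwnam(user) returns NULL for an unknown user; the only !pwd test is further down, in the second hunk. Either make the fallback explicit, for example lc = pwd ? login_getpwclass(pwd) : login_getclass(NULL);, or add a comment stating that the call is relied on to fall back to the default class when pwd is NULL, so the next reader does not have to check the library to know an unknown user name is safe here.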
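Review bot: In the @@ -84,15 +88,10 @@ hunk, the new if (!pwd) ... else retval = PAM_AUTH_ERR; has no branch for uid 0, so it unconditionally overwrites the retval = PAM_SUCCESS that the first hunk sets for root, and root ends up with PAM_AUTH_ERR once the nologin file has been opened. The removed lines kept root's PAM_SUCCESS at exactly this point. Keep the three-way test here (pwd && pwd->pw_uid == 0 gives PAM_SUCCESS, !pwd gives PAM_USER_UNKNOWN, otherwise PAM_AUTH_ERR) and drop the early assignment in the first hunk, so the root exemption is decided in one place.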