Date: Sun, 16 Feb 2003 04:41:58 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: des@freebsd.org, current@freebsd.org
Subject: OPIE breakage: backout & patch for review
Message-ID: <20030216014158.GA73950@nagual.pp.ru>

Background: recently des has been trying to fight the problem that OPIE does not sense localhost when called from PAM, but does it incorrectly. Moreover, he tries to fix the OPIE config instead of fixing the PAM bug: PAM does not follow the OPIE API. In a non-PAM environment OPIE always senses localhost because its host variable always has the "" value indicating localhost. Now PAM tries to break this, sending the "localhost" string to OPIE instead of the "" string. Because of that OPIE stops sensing localhost, and des tries to fix the OPIE config to add additional things here not needed by the standard OPIE setup at all.

Note that passing anything other than "" for localhost to OPIE is not supported by the OPIE API and is illegal. I mean the NULL or "localhost" values now passed by PAM.

Here is the real fix for this problem, for review. It includes backing out the incorrect /etc/opieaccess change.

--- opieaccess.bak Sun Feb 16 04:25:20 2003 +++ opieaccess Sun Feb 16 04:27:04 2003 @@ -3,11 +3,10 @@ # This file controls whether UNIX passwords are to be permitted. Rules # are matched in order, and the search terminates when the first matching # rule has been found. Default action is "deny". See opieaccess(5) for -# more information. +# more information. Local host is already permitted by default. # # Each rule has the form: # # permit address netmask # deny address netmask # -permit 127.0.0.1 255.255.255.255 --- pam_opieaccess.c.bak Sun Feb 16 02:26:49 2003 +++ pam_opieaccess.c Sun Feb 16 03:32:57 2003 @@ -42,6 +42,7 @@ #include <sys/types.h> #include <opie.h> #include <pwd.h> +#include <strings.h> #include <unistd.h> #include <syslog.h> 
@@ -73,8 +74,8 @@ r = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost); if (r != PAM_SUCCESS) return (r); - if (rhost == NULL) - rhost = "localhost"; + if (rhost == NULL || strcasecmp(rhost, "localhost") == 0) + rhost = ""; if (opieaccessfile(rhost) != 0 && opiealways(pwent->pw_dir) != 0) return (PAM_SUCCESS); -- Andrey A. Chernov http://ache.pp.ru/
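
Review bot: In the opieaccess hunk, the added sentence "Local host is already permitted by default" lands directly after "Default action is "deny"", so the header now reads as if it contradicts itself. Suggest rewording so the exception is explicit, for example that the rules below apply to remote addresses and that the empty host string a caller passes for a local login is the case meant by "local host", with deny remaining the default for everything else.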
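
Review bot: In the pam_opieaccess.c hunk at -73,8, the condition `rhost == NULL || strcasecmp(rhost, "localhost") == 0` normalises only a missing PAM_RHOST and the literal name to "". Because the same patch deletes `permit 127.0.0.1 255.255.255.255` and the file's default action is deny, a PAM_RHOST given as the loopback address, or as any other spelling of the local name, would no longer match a rule in the shipped file; please state whether that is intended or extend the check. A one-line comment above `rhost = "";` saying that "" is the value OPIE expects for the local host would also help keep a later change from reintroducing "localhost".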