Date: Sun, 16 Feb 2003 04:41:58 +0300
From: "Andrey A. Chernov"
To: des@freebsd.org, current@freebsd.org
Subject: OPIE breakage: backout & patch for review
Message-ID: <20030216014158.GA73950@nagual.pp.ru>

Background: recently des has been trying to fight the problem that OPIE does not sense localhost when called from PAM, but does it incorrectly. Moreover, he tries to fix the OPIE config instead of fixing the PAM bug: PAM does not follow the OPIE API.

In a non-PAM environment OPIE always senses localhost because its host variable always has the "" value, indicating localhost. Now PAM tries to break this, sending the "localhost" string to OPIE instead of the "" string. Because of that OPIE stops sensing localhost, and des tries to fix the OPIE config by adding additional things here that are not needed by a standard OPIE setup at all.

Note that passing anything other than "" for localhost to OPIE is not supported by the OPIE API and is illegal. I mean the NULL or "localhost" values now passed by PAM.

Here is the real fix for this problem, for review. It includes backing out the incorrect /etc/opieaccess change.

--- opieaccess.bak Sun Feb 16 04:25:20 2003 +++ opieaccess Sun Feb 16 04:27:04 2003 @@ -3,11 +3,10 @@ # This file controls whether UNIX passwords are to be permitted. Rules # are matched in order, and the search terminates when the first matching # rule has been found. Default action is "deny". See opieaccess(5) for -# more information. +# more information. Local host is already permitted by default. # # Each rule has the form: # # permit address netmask # deny address netmask # -permit 127.0.0.1 255.255.255.255 --- pam_opieaccess.c.bak Sun Feb 16 02:26:49 2003 +++ pam_opieaccess.c Sun Feb 16 03:32:57 2003 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include 
@@ -73,8 +74,8 @@ r = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost); if (r != PAM_SUCCESS) return (r); - if (rhost == NULL) - rhost = "localhost"; + if (rhost == NULL || strcasecmp(rhost, "localhost") == 0) + rhost = ""; if (opieaccessfile(rhost) != 0 && opiealways(pwent->pw_dir) != 0) return (PAM_SUCCESS);

-- 
Andrey A. Chernov
http://ache.pp.ru/
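
Review bot: In the opieaccess hunk, removing `permit 127.0.0.1 255.255.255.255` makes loopback access depend entirely on the caller handing "" to OPIE. The pam_opieaccess.c change maps only NULL and the name "localhost" to "", so an application that stores "127.0.0.1" in PAM_RHOST would, going by this file's own statement that the default action is "deny", no longer match any permit rule. Either keep the permit line as a fallback or normalise loopback addresses in the module as well. The added sentence "Local host is already permitted by default" also sits in the same comment block as 'Default action is "deny"' and reads as a contradiction; it should say where that permission comes from.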
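
Review bot: In the @@ -73,8 +74,8 @@ hunk of pam_opieaccess.c, `strcasecmp(rhost, "localhost") == 0` decides that the session is local from a name string the calling application placed in PAM_RHOST, and the result is passed to `opieaccessfile()` as the local host. That is only sound if the string cannot be influenced by the remote peer, so the condition deserves a comment stating that "" is the value the OPIE API expects for the local host and why the name is trusted at this point. The NULL case and the "localhost" case are also different situations (item unset versus item set by the application) and would be clearer as two commented checks than as one combined condition.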