From owner-svn-src-all@FreeBSD.ORG Mon Sep 8 09:19:01 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B84CB625; Mon, 8 Sep 2014 09:19:01 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A43BD1E08; Mon, 8 Sep 2014 09:19:01 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s889J156050815; Mon, 8 Sep 2014 09:19:01 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s889J1QL050814; Mon, 8 Sep 2014 09:19:01 GMT (envelope-from des@FreeBSD.org) Message-Id: <201409080919.s889J1QL050814@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: des set sender to des@FreeBSD.org using -f From: Dag-Erling Smørgrav Date: Mon, 8 Sep 2014 09:19:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r271256 - head/lib/libpam/modules/pam_login_access X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Sep 2014 09:19:01 -0000 Author: des Date: Mon Sep 8 09:19:01 2014 New Revision: 271256 URL: http://svnweb.freebsd.org/changeset/base/271256 Log: Fail rather than segfault if neither PAM_TTY nor PAM_RHOST is set. PR: 83099 MFC after: 3 days Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c ============================================================================== --- head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 8 09:16:07 2014 (r271255) +++ head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 8 09:19:01 2014 (r271256) @@ -79,7 +79,14 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int gethostname(hostname, sizeof hostname); - if (rhost == NULL || *(const char *)rhost == '\0') { + if (rhost != NULL && *(const char *)rhost != '\0') { + PAM_LOG("Checking login.access for user %s from host %s", + (const char *)user, (const char *)rhost); + if (login_access(user, rhost) != 0) + return (PAM_SUCCESS); + PAM_VERBOSE_ERROR("%s is not allowed to log in from %s", + user, rhost); + } else if (tty != NULL || *(const char *)tty != '\0') { PAM_LOG("Checking login.access for user %s on tty %s", (const char *)user, (const char *)tty); if (login_access(user, tty) != 0) @@ -87,12 +94,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int PAM_VERBOSE_ERROR("%s is not allowed to log in on %s", user, tty); } else { - PAM_LOG("Checking login.access for user %s from host %s", - (const char *)user, (const char *)rhost); - if (login_access(user, rhost) != 0) - return (PAM_SUCCESS); - PAM_VERBOSE_ERROR("%s is not allowed to log in from %s", - user, rhost); + PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required"); + return (PAM_AUTHINFO_UNAVAIL); } return (PAM_AUTH_ERR);