Message-ID: <3BC766B3.D4238619@t-online.de>
Date: Fri, 12 Oct 2001 23:54:59 +0200
From: Daniel Rock
To: current@freebsd.org
Subject: Semantic change in su with pam

Hi,

just noticed a slight semantic change while using su:

Before pam, you can disable the wheel check if this group is empty. Now this isn't possible any more.

I know I just could comment out pam_wheel from /etc/pam.conf but what about the following solution:

Adding another flag for pam_wheel, which reintroduces the old syntax. It is quite simple and straightforward (see attached patch).

Any comments?

Daniel

Index: pam_wheel.c =================================================================== RCS file: /data/cvs/src/lib/libpam/modules/pam_wheel/pam_wheel.c,v retrieving revision 1.5 diff -u -r1.5 pam_wheel.c --- pam_wheel.c 26 Aug 2001 18:09:00 -0000 1.5 +++ pam_wheel.c 12 Oct 2001 21:41:05 -0000 @@ -42,7 +42,7 @@ #include enum { PAM_OPT_DENY=PAM_OPT_STD_MAX, PAM_OPT_GROUP, PAM_OPT_TRUST, - PAM_OPT_AUTH_AS_SELF, PAM_OPT_NOROOT_OK }; + PAM_OPT_AUTH_AS_SELF, PAM_OPT_NOROOT_OK, PAM_OPT_NULL_IGN }; static struct opttab other_options[] = { { "deny", PAM_OPT_DENY }, @@ -50,6 +50,7 @@ { "trust", PAM_OPT_TRUST }, { "auth_as_self", PAM_OPT_AUTH_AS_SELF }, { "noroot_ok", PAM_OPT_NOROOT_OK }, + { "null_ignore", PAM_OPT_NULL_IGN }, { NULL, 0 } }; 
@@ -127,6 +128,8 @@ if (pam_test_option(&options, PAM_OPT_DENY, NULL)) PAM_RETURN(PAM_IGNORE); else { + if(pam_test_option(&options, PAM_OPT_NULL_IGN, NULL)) + PAM_RETURN(PAM_IGNORE); PAM_VERBOSE_ERROR("Permission denied"); PAM_RETURN(PAM_AUTH_ERR); }
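
Review bot: "null_ignore" in the @@ -50,6 +50,7 @@ option table needs to be documented in the same change wherever the module's options are described; the diff covers pam_wheel.c only. Since the option relaxes an access check, the description should say exactly which condition it applies to and that the module then returns PAM_IGNORE instead of PAM_AUTH_ERR, so an administrator reading /etc/pam.conf can tell what enabling it allows. The enum name PAM_OPT_NULL_IGN and the string "null_ignore" also do not say what is null; a name that mentions the empty group would be easier to audit.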
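
Review bot: in the @@ -127,6 +128,8 @@ hunk the added test returns PAM_IGNORE on the option flag alone, so what null_ignore permits depends entirely on the condition that leads into this block, and the visible context does not show it. If this branch can be reached for anything other than a wheel group with no members (a failed group lookup, for example), the option turns a denial into a skipped module, and the su decision is then left to the remaining entries in the stack. I would put an explicit empty-membership test next to the flag check so the relaxed path is limited to the case the message describes. The deny branch just above already returns PAM_IGNORE here, so the intended difference between the two options in this block should be stated in a comment. Style: `if(` should be `if (` to match the surrounding lines.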