Date: Mon, 29 Sep 2014 08:57:36 +0000 (UTC) From: Dag-Erling Smørgrav <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r272280 - head/lib/libpam/modules/pam_login_access Message-ID: <201409290857.s8T8vamj094031@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Mon Sep 29 08:57:36 2014 New Revision: 272280 URL: http://svnweb.freebsd.org/changeset/base/272280 Log: Instead of failing when neither PAM_TTY nor PAM_RHOST are available, call login_access() with "**unknown**" as the second argument. This will allow "ALL" rules to match. Reported by: Tim Daneliuk <tundra@tundraware.com> Tested by: dim@ PR: 83099 193927 MFC after: 3 days Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c ============================================================================== --- head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 29 01:17:42 2014 (r272279) +++ head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 29 08:57:36 2014 (r272280) @@ -94,8 +94,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int PAM_VERBOSE_ERROR("%s is not allowed to log in on %s", user, tty); } else { - PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required"); - return (PAM_AUTHINFO_UNAVAIL); + PAM_LOG("Checking login.access for user %s", user); + if (login_access(user, "***unknown***") != 0) + return (PAM_SUCCESS); + PAM_VERBOSE_ERROR("%s is not allowed to log in", user); } return (PAM_AUTH_ERR);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409290857.s8T8vamj094031>