Date: Sat, 6 Jan 2007 11:47:15 GMT From: TANAKA Hiroyuki<kattyo@abk.nu> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/107612: pam_nologin(8) ignore the login class capability nologin except default class. Message-ID: <200701061147.l06BlFdV005332@www.freebsd.org> Resent-Message-ID: <200701061150.l06BoKiY018448@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 107612 >Category: bin >Synopsis: pam_nologin(8) ignore the login class capability nologin except default class. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Jan 06 11:50:20 GMT 2007 >Closed-Date: >Last-Modified: >Originator: TANAKA Hiroyuki >Release: 6.2-RC1 >Organization: >Environment: FreeBSD tachikoma 6.2-RC1 FreeBSD 6.2-RC1 #0: Thu Nov 16 05:12:08 UTC 2006 root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP i386 >Description: The pam_nologin module is only use the "default" entry in /etc/login.conf database. I want to use login class for local users to control nologin with specific pam entries. >How-To-Repeat: >Fix: Patch attached with submission follows: --- pam_nologin.c.org Sat Apr 13 07:27:21 2002 +++ pam_nologin.c Sat Jan 6 20:18:32 2007 @@ -73,7 +73,11 @@ PAM_LOG("Got user: %s", user); - lc = login_getclass(NULL); + pwd = getpwnam(user); + if (pwd && pwd->pw_uid == 0) + retval = PAM_SUCCESS; + + lc = login_getpwclass(pwd); nologin = login_getcapstr(lc, "nologin", nologin_def, nologin_def); login_close(lc); lc = NULL; @@ -84,15 +88,10 @@ PAM_LOG("Opened %s file", NOLOGIN); - pwd = getpwnam(user); - if (pwd && pwd->pw_uid == 0) - retval = PAM_SUCCESS; - else { - if (!pwd) - retval = PAM_USER_UNKNOWN; - else - retval = PAM_AUTH_ERR; - } + if (!pwd) + retval = PAM_USER_UNKNOWN; + else + retval = PAM_AUTH_ERR; if (fstat(fd, &st) < 0) return (retval); >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701061147.l06BlFdV005332>