diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2005-08-18 11:22:19 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2005-08-18 11:22:19 +0000 |
| commit | 9b4ed6689660825a5edb3153c8608a7d15b6ee1e (patch) | |
| tree | 6c9292e9a016cce8cc6ef3676d00051b73dba66b | |
| parent | 41646d56c2d9f73da79b9b2c2d415e747e13d9ca (diff) | |
| download | pam-9b4ed6689660825a5edb3153c8608a7d15b6ee1e.tar.gz pam-9b4ed6689660825a5edb3153c8608a7d15b6ee1e.tar.bz2 pam-9b4ed6689660825a5edb3153c8608a7d15b6ee1e.zip | |
Relevant BUGIDs: none
Purpose of commit: bugfix
Commit summary:
---------------
Be fail-close on user lookups, always log failures, not just with "debug".
Based on patch for Linux-PAM-0.75 from Solar Designer.
| -rw-r--r-- | CHANGELOG | 2 | ||||
| -rw-r--r-- | modules/pam_securetty/pam_securetty.c | 10 |
2 files changed, 5 insertions, 7 deletions
@@ -74,6 +74,8 @@ BerliOS Bugs are marked with (BerliOS #XXXX). * pam_userdb: Fix regression - crash when crypt param not specified (t8m) * libpam: Remove pam_authenticate_secondary stub (kukuk) * Use autoconf/automake/libtool (kukuk) +* pam_securetty: Be fail-close on user lookups, always log failures, + not just with "debug" (Solar Designer) 0.80: Wed Jul 13 13:23:20 CEST 2005 * pam_tally: test for NULL data before dereferencing them (t8m) diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 7a29d956..c45ef351 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -93,15 +93,13 @@ static int securetty_perform_check(pam_handle_t *pamh, int flags, int ctrl, retval = pam_get_user(pamh, &username, NULL); if (retval != PAM_SUCCESS || username == NULL) { - if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_WARNING, "cannot determine username"); - } + _pam_log(LOG_WARNING, "cannot determine username"); return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR); } user_pwd = _pammodutil_getpwnam(pamh, username); if (user_pwd == NULL) { - return PAM_IGNORE; + return PAM_USER_UNKNOWN; } else if (user_pwd->pw_uid != 0) { /* If the user is not root, securetty's does not apply to them */ @@ -111,9 +109,7 @@ static int securetty_perform_check(pam_handle_t *pamh, int flags, int ctrl, retval = pam_get_item(pamh, PAM_TTY, &void_uttyname); uttyname = void_uttyname; if (retval != PAM_SUCCESS || uttyname == NULL) { - if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_WARNING, "cannot determine user's tty"); - } + _pam_log(LOG_WARNING, "cannot determine user's tty"); return PAM_SERVICE_ERR; } |