Applied debian patches

2 files changed, 15 insertions, 5 deletions

diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf
index dbaadf67..cec2be0c 100644
--- a/modules/pam_access/access.conf
+++ b/modules/pam_access/access.conf
@@ -40,8 +40,15 @@
 # logged-in user. Both the user's primary group is matched, as well as
 # groups in which users are explicitly listed.
 #
+# TTY NAMES: Must be in the form returned by ttyname(3) less the initial
+# "/dev" (e.g. tty1 or vc/1)
+#
 ##############################################################################
 # 
+# Disallow non-root logins on tty1
+#
+#-:ALL EXCEPT root:tty1
+# 
 # Disallow console logins to all but a few accounts.
 #
 #-:ALL EXCEPT wheel shutdown sync:LOCAL
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 42e03527..4f6cf574 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -194,10 +194,11 @@ login_access (pam_handle_t *pamh, struct login_info *item)
 	    line[end] = 0;			/* strip trailing whitespace */
 	    if (line[0] == 0)			/* skip blank lines */
 		continue;
+
+	    /* Allow trailing: in last field fo froms */
 	    if (!(perm = strtok(line, fs))
 		|| !(users = strtok((char *) 0, fs))
-		|| !(froms = strtok((char *) 0, fs))
-		|| strtok((char *) 0, fs)) {
+  	        || !(froms = strtok((char *) 0, fs))) {
 		_log_err("%s: line %d: bad field count",
 			 item->config_file, lineno);
 		continue;
@@ -438,10 +439,12 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
 	        return PAM_ABORT;
 	     }
         }
-        if (strncmp("/dev/",from,5) == 0) {          /* strip leading /dev/ */
-	    from += 5;
-        }
 
+	if (from[0] == '/') { 	/* full path */
+		from++;
+		from = strchr(from, '/');
+		from++;
+        }
     }
 
     if ((user_pw=_pammodutil_getpwnam(pamh, user))==NULL) return (PAM_USER_UNKNOWN);