author | Tomas Mraz <tm@t8m.info> | 2005-09-26 09:56:28 +0000 |
---|---|---|
committer | Tomas Mraz <tm@t8m.info> | 2005-09-26 09:56:28 +0000 |
commit | a3741192151aaf4b4d26f97fe470c9e7ea34703e (patch) | |
tree | f7de8e9a740e59c23275123d6b3b9f7db389e3cc /modules | |
parent | 1d12d6d2cd9da861ae21d07e343b817a6ee14a57 (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
Support for NULL tty for pam_access.
2005-09-23 Tomas Mraz <t8m@centrum.cz>
* modules/pam_access/pam_access.c (from_match): Support NULL from.
(string_match): Support NULL string, add NONE keyword matching it.
(pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
* modules/pam_access/access.conf: NONE keyword description
* modules/pam_access/README: NONE keyword description
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pam_access/README | 4 | ||||
-rw-r--r-- | modules/pam_access/access.conf | 4 | ||||
-rw-r--r-- | modules/pam_access/pam_access.c | 33 |
3 files changed, 23 insertions, 18 deletions
diff --git a/modules/pam_access/README b/modules/pam_access/README
index ddd4725f..c3f81d11 100644
--- a/modules/pam_access/README
+++ b/modules/pam_access/README
@@ -28,8 +28,8 @@
 # The third field should be a list of one or more tty names (for
 # non-networked logins), host names, domain names (begin with "."), host
 # addresses, internet network numbers (end with "."), ALL (always
-# matches) or LOCAL (matches any string that does not contain a "."
-# character).
+# matches), NONE (matches no tty on non-networked logins) or
+# LOCAL (matches any string that does not contain a "." character).
 #
 # If you run NIS you can use @netgroupname in host or user patterns; this
 # even works for @usergroup@@hostgroup patterns. Weird.
diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf
index cec2be0c..98da5faa 100644
--- a/modules/pam_access/access.conf
+++ b/modules/pam_access/access.conf
@@ -28,8 +28,8 @@
 # The third field should be a list of one or more tty names (for
 # non-networked logins), host names, domain names (begin with "."), host
 # addresses, internet network numbers (end with "."), ALL (always
-# matches) or LOCAL (matches any string that does not contain a "."
-# character).
+# matches), NONE (matches no tty on non-networked logins) or
+# LOCAL (matches any string that does not contain a "." character).
 #
 # If you run NIS you can use @netgroupname in host or user patterns; this
 # even works for @usergroup@@hostgroup patterns. Weird.
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 55b7818d..867cd9a1 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -316,11 +316,13 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item)
 * if it matches the head of the string.
 */
 
- if (tok[0] == '@') { /* netgroup */
+ if (string != NULL && tok[0] == '@') { /* netgroup */
 return (netgroup_match(tok + 1, string, (char *) 0));
- } else if (string_match (tok, string)) /* ALL or exact match */
- return YES;
- else if (tok[0] == '.') { /* domain: match last fields */
+ } else if (string_match(tok, string)) { /* ALL or exact match */
+ return (YES);
+ } else if (string == NULL) {
+ return (NO);
+ } else if (tok[0] == '.') { /* domain: match last fields */
 if ((str_len = strlen(string)) > (tok_len = strlen(tok))
 && strcasecmp(tok, string + str_len - tok_len) == 0)
 return (YES);
@@ -371,11 +373,16 @@ string_match (const char *tok, const char *string)
 /*
 * If the token has the magic value "ALL" the match always succeeds.
 * Otherwise, return YES if the token fully matches the string.
+ * "NONE" token matches NULL string.
 */
 
 if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
 return (YES);
- } else if (strcasecmp(tok, string) == 0) { /* try exact match */
+ } else if (string != NULL) {
+ if (strcasecmp(tok, string) == 0) { /* try exact match */
+ return (YES);
+ }
+ } else if (strcasecmp(tok, "NONE") == 0) {
 return (YES);
 }
 return (NO);
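Review bot: The new `else if (string == NULL)` arm in from_match is the only arm of this chain without a trailing comment, and the part of the header comment visible in the hunk does not mention the NULL case. I would add `/* no tty or host: only ALL or NONE can match */` on that arm, because its position matters: it has to stay after the string_match() call (so ALL and NONE still get a chance) and before the arms that call `strlen(string)`. The body of from_match starts above and continues below this hunk.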
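Review bot: In string_match the NONE keyword is special only when `string` is NULL; with a non-NULL `string`, a NONE token falls into the ordinary `strcasecmp(tok, string)` comparison, so an origin whose name is literally "none" also satisfies a NONE rule. The README text describes NONE as covering the no-tty case only, so the keyword is ambiguous as written. Testing it before the exact match, `if (strcasecmp(tok, "NONE") == 0) return (string == NULL ? YES : NO);`, would reserve it. If string_match is also called for fields other than the origin (not visible in this hunk), confirm that the keyword is meant to apply there too.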
@@ -418,19 +425,17 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED,
 || void_from == NULL) {
 D(("PAM_TTY not set, probing stdin"));
 from = ttyname(STDIN_FILENO);
- if (from == NULL) {
- pam_syslog(pamh, LOG_ERR, "couldn't get the tty name");
- return PAM_ABORT;
- }
- if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
- return PAM_ABORT;
- }
+ if (from != NULL) {
+ if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
+ return PAM_ABORT;
+ }
+ }
 }
 else
 from = void_from;
 
- if (from[0] == '/') { /* full path */
+ if (from != NULL && from[0] == '/') { /* full path */
 from++;
 from = strchr(from, '/');
 from++; |
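Review bot: The added `from != NULL` guard on the full-path test does not cover the `strchr()` result two lines below it: when PAM_TTY is an absolute path with no second slash, `strchr(from, '/')` returns NULL and the following `from++` is applied to a null pointer. Since this commit hardens the same block against a NULL tty, I would close that gap here as well, replacing the three context lines with `slash = strchr(from + 1, '/'); from = (slash != NULL) ? slash + 1 : from + 1;`, with `slash` declared alongside the function's other locals. The no-tty path is also silent now that the LOG_ERR was removed; a `D(("no tty, matching with NULL origin"));` trace when ttyname() returns NULL would help when checking why a NONE rule did or did not apply. The `if` block closes outside this hunk.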