diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2014-09-29 08:57:36 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2014-09-29 08:57:36 +0000 |
| commit | 4c37ae306534d24ed765a45115de2bebb2255b87 (patch) | |
| tree | e791dcd4277eb42897a671ad2050353488961302 /lib | |
| parent | 82ac9f2bf78b62e8e164c613d3142e78a0028fe8 (diff) | |
| download | src-4c37ae306534d24ed765a45115de2bebb2255b87.tar.gz src-4c37ae306534d24ed765a45115de2bebb2255b87.zip | |
Instead of failing when neither PAM_TTY nor PAM_RHOST are available, call
login_access() with "**unknown**" as the second argument. This will allow
"ALL" rules to match.
Reported by: Tim Daneliuk <tundra@tundraware.com>
Tested by: dim@
PR: 83099 193927
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=272280
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libpam/modules/pam_login_access/pam_login_access.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.c b/lib/libpam/modules/pam_login_access/pam_login_access.c index a29eb7dc3862..eb9cc57e1e64 100644 --- a/lib/libpam/modules/pam_login_access/pam_login_access.c +++ b/lib/libpam/modules/pam_login_access/pam_login_access.c @@ -94,8 +94,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, PAM_VERBOSE_ERROR("%s is not allowed to log in on %s", user, tty); } else { - PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required"); - return (PAM_AUTHINFO_UNAVAIL); + PAM_LOG("Checking login.access for user %s", user); + if (login_access(user, "***unknown***") != 0) + return (PAM_SUCCESS); + PAM_VERBOSE_ERROR("%s is not allowed to log in", user); } return (PAM_AUTH_ERR); |