diff options
| author | des <des@FreeBSD.org> | 2014-09-29 08:57:36 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2014-09-29 08:57:36 +0000 |
| commit | cb586e6a884d1533545e11c569db5d97563aa2cc (patch) | |
| tree | e791dcd4277eb42897a671ad2050353488961302 /lib/libpam/modules | |
| parent | 6ad59c5594c70920fad1d6ec1315d6b6e9e9537d (diff) | |
| download | FreeBSD-src-cb586e6a884d1533545e11c569db5d97563aa2cc.zip FreeBSD-src-cb586e6a884d1533545e11c569db5d97563aa2cc.tar.gz | |
Instead of failing when neither PAM_TTY nor PAM_RHOST are available, call
login_access() with "**unknown**" as the second argument. This will allow
"ALL" rules to match.
Reported by: Tim Daneliuk <tundra@tundraware.com>
Tested by: dim@
PR: 83099 193927
MFC after: 3 days
Diffstat (limited to 'lib/libpam/modules')
| -rw-r--r-- | lib/libpam/modules/pam_login_access/pam_login_access.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.c b/lib/libpam/modules/pam_login_access/pam_login_access.c index a29eb7d..eb9cc57 100644 --- a/lib/libpam/modules/pam_login_access/pam_login_access.c +++ b/lib/libpam/modules/pam_login_access/pam_login_access.c @@ -94,8 +94,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, PAM_VERBOSE_ERROR("%s is not allowed to log in on %s", user, tty); } else { - PAM_VERBOSE_ERROR("PAM_RHOST or PAM_TTY required"); - return (PAM_AUTHINFO_UNAVAIL); + PAM_LOG("Checking login.access for user %s", user); + if (login_access(user, "***unknown***") != 0) + return (PAM_SUCCESS); + PAM_VERBOSE_ERROR("%s is not allowed to log in", user); } return (PAM_AUTH_ERR); |
