Merge from head@274682

5 files changed, 40 insertions, 9 deletions

diff --git a/lib/libpam/libpam/Makefile b/lib/libpam/libpam/Makefile
index a654cf7..7a425e0 100644
--- a/lib/libpam/libpam/Makefile
+++ b/lib/libpam/libpam/Makefile
@@ -66,6 +66,7 @@ SRCS=	openpam_asprintf.c \
 	openpam_straddch.c \
 	openpam_strlcat.c \
 	openpam_strlcpy.c \
+	openpam_strlset.c \
 	openpam_subst.c \
 	openpam_ttyconv.c \
 	openpam_vasprintf.c \
@@ -175,4 +176,8 @@ ADD_HEADERS=	security/pam_mod_misc.h
 INCS=		${HEADERS} ${ADD_HEADERS}
 INCSDIR=	${INCLUDEDIR}/security
 
+.if ${MK_TESTS} != "no"
+SUBDIR+=        tests
+.endif
+
 .include <bsd.lib.mk>
diff --git a/lib/libpam/libpam/tests/Makefile b/lib/libpam/libpam/tests/Makefile
new file mode 100644
index 0000000..2ad64e2
--- /dev/null
+++ b/lib/libpam/libpam/tests/Makefile
@@ -0,0 +1,19 @@
+# $FreeBSD$
+
+OPENPAM = ${.CURDIR}/../../../../contrib/openpam
+.PATH: ${OPENPAM}/t
+
+TESTSDIR = ${TESTSBASE}/lib/libpam
+
+COMMONSRC = t_file.c t_main.c
+.for test in t_openpam_ctype t_openpam_readlinev t_openpam_readword
+TAP_TESTS_C += ${test}
+SRCS.${test} = ${test}.c ${COMMONSRC}
+.endfor
+CFLAGS +=-I${OPENPAM}/include -I${OPENPAM}/lib/libpam -I${OPENPAM}/t
+WARNS ?= 6
+
+DPADD = ${LIBPAM}
+LDADD = ${MINUSLPAM}
+
+.include <bsd.test.mk>
diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.c b/lib/libpam/modules/pam_login_access/pam_login_access.c
index 945d5eb..fe16662 100644
--- a/lib/libpam/modules/pam_login_access/pam_login_access.c
+++ b/lib/libpam/modules/pam_login_access/pam_login_access.c
@@ -79,20 +79,27 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
 
 	gethostname(hostname, sizeof hostname);
 
-	if (rhost == NULL || *(const char *)rhost == '\0') {
+	if (rhost != NULL && *(const char *)rhost != '\0') {
+		PAM_LOG("Checking login.access for user %s from host %s",
+		    (const char *)user, (const char *)rhost);
+		if (login_access(user, rhost) != 0)
+			return (PAM_SUCCESS);
+		PAM_VERBOSE_ERROR("%s is not allowed to log in from %s",
+		    (const char *)user, (const char *)rhost);
+	} else if (tty != NULL && *(const char *)tty != '\0') {
 		PAM_LOG("Checking login.access for user %s on tty %s",
 		    (const char *)user, (const char *)tty);
 		if (login_access(user, tty) != 0)
 			return (PAM_SUCCESS);
 		PAM_VERBOSE_ERROR("%s is not allowed to log in on %s",
-		    user, tty);
+		    (const char *)user, (const char *)tty);
 	} else {
-		PAM_LOG("Checking login.access for user %s from host %s",
-		    (const char *)user, (const char *)rhost);
-		if (login_access(user, rhost) != 0)
+		PAM_LOG("Checking login.access for user %s",
+		    (const char *)user);
+		if (login_access(user, "***unknown***") != 0)
 			return (PAM_SUCCESS);
-		PAM_VERBOSE_ERROR("%s is not allowed to log in from %s",
-		    user, rhost);
+		PAM_VERBOSE_ERROR("%s is not allowed to log in",
+		    (const char *)user);
 	}
 
 	return (PAM_AUTH_ERR);
diff --git a/lib/libpam/modules/pam_opie/pam_opie.c b/lib/libpam/modules/pam_opie/pam_opie.c
index bfb875f..9625373 100644
--- a/lib/libpam/modules/pam_opie/pam_opie.c
+++ b/lib/libpam/modules/pam_opie/pam_opie.c
@@ -62,7 +62,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	struct passwd *pwd;
 	int retval, i;
 	const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "};
-	char challenge[OPIE_CHALLENGE_MAX];
+	char challenge[OPIE_CHALLENGE_MAX + 1];
 	char principal[OPIE_PRINCIPAL_MAX];
 	const char *user;
 	char *response;
diff --git a/lib/libpam/modules/pam_ssh/Makefile b/lib/libpam/modules/pam_ssh/Makefile
index 886610a..5643f32 100644
--- a/lib/libpam/modules/pam_ssh/Makefile
+++ b/lib/libpam/modules/pam_ssh/Makefile
@@ -14,7 +14,7 @@ WARNS?=	3
 CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
 
 DPADD=	${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT}
-LDADD=	-lssh -lcrypto -lcrypt
+LDADD=	${LDSSH} -lcrypto -lcrypt
 USEPRIVATELIB= ssh
 
 .include <bsd.lib.mk>