From af39bbe73340d1b90d37d1ef358434119c952638 Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Sat, 15 Feb 2003 23:26:49 +0000
Subject: Assume "localhost" if no remote host was specified.  This is safe
 from a POLA point of view since the stock /etc/opieaccess now allows
 localhost.

---
 lib/libpam/modules/pam_opieaccess/pam_opieaccess.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'lib/libpam')

diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c
index 67cbfc0..3201dc2 100644
--- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c
+++ b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c
@@ -57,7 +57,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 {
 	struct opie opie;
 	struct passwd *pwent;
-	char *luser, *rhost;
+	const char *luser, *rhost;
 	int r;
 
 	r = pam_get_item(pamh, PAM_USER, (const void **)&luser);
@@ -73,9 +73,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	r = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost);
 	if (r != PAM_SUCCESS)
 		return (r);
+	if (rhost == NULL)
+		rhost = "localhost";
 
-	if ((rhost == NULL || opieaccessfile(rhost)) &&
-	    opiealways(pwent->pw_dir) != 0)
+	if (opieaccessfile(rhost) != 0 && opiealways(pwent->pw_dir) != 0)
 		return (PAM_SUCCESS);
 
 	PAM_VERBOSE_ERROR("Refused; remote host is not in opieaccess");
-- 
cgit v1.1