Relevant BUGIDs: patch 476967

Purpose of commit: bugfix

Commit summary:
---------------
Patch from Nalin Dahyabhai: an empty tty value is not fatal when the
user isn't root.

diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index c69180ab5a7f0348d3fe33e61f72e307fa8e6675..a5ae0df8ed1e6e257790c4b4583ec171d6d88ad6 100644 (file)
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -97,14 +97,6 @@ static int securetty_perform_check(pam_handle_t *pamh, int flags, int ctrl,
        return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR);
     }
 
-    retval = pam_get_item(pamh, PAM_TTY, (const void **)&uttyname);
-    if (retval != PAM_SUCCESS || uttyname == NULL) {
-        if (ctrl & PAM_DEBUG_ARG) {
-            _pam_log(LOG_WARNING, "cannot determine user's tty");
-       }
-       return PAM_SERVICE_ERR;
-    }
-
     /* The PAM_TTY item may be prefixed with "/dev/" - skip that */
     if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) {
        uttyname += sizeof(TTY_PREFIX)-1;
@@ -119,6 +111,14 @@ static int securetty_perform_check(pam_handle_t *pamh, int flags, int ctrl,
        return PAM_SUCCESS;
     }
 
+    retval = pam_get_item(pamh, PAM_TTY, (const void **)&uttyname);
+    if (retval != PAM_SUCCESS || uttyname == NULL) {
+        if (ctrl & PAM_DEBUG_ARG) {
+            _pam_log(LOG_WARNING, "cannot determine user's tty");
+       }
+       return PAM_SERVICE_ERR;
+    }
+
     if (stat(SECURETTY_FILE, &ttyfileinfo)) {
        _pam_log(LOG_NOTICE, "Couldn't open " SECURETTY_FILE);
        return PAM_SUCCESS; /* for compatibility with old securetty handling,