Relevant BUGIDs: 124394

Purpose of commit: bugfix

Commit summary:
---------------
* pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing
  to faillog

diff --git a/CHANGELOG b/CHANGELOG
index 8d063dcaf9b20b1a71053ab005b867431a5f6f18..d46217b540e0fbe12e0229ae852ff30ab19aa037 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -35,6 +35,8 @@ Where you should replace XXXXX with a bug-id.
 0.74: please submit patches for this section with actual code/doc
       patches!
 
+* pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing
+  to faillog (Bug 124394 - baggins)
 * use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins)
 * pam_cracklib - removed comments about pam_unix not working with
   pam_cracklib, added information about use_authtok parameter

diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c
index 436ce956a475ba6d2e4055a5056d2d38a9eb62f4..e5e17b9558cb369c7929508f4ce5bb21ba0ba873 100644 (file)
--- a/modules/pam_tally/pam_tally.c
+++ b/modules/pam_tally/pam_tally.c
@@ -295,7 +295,8 @@ static int tally_bump (int inc,
       *TALLY = NULL;
     const char
       *user  = NULL,
-      *remote_host = NULL;
+      *remote_host = NULL,
+      *cur_tty = NULL;
 
     int i=pam_get_uid(pamh, &uid, &user);
     if ( i != PAM_SUCCESS ) RETURN_ERROR( i );
@@ -306,7 +307,13 @@ static int tally_bump (int inc,
     (void) pam_get_item(pamh, PAM_RHOST, (const void **)&remote_host);
     if (!remote_host)
     {
-       strcpy(faillog.fail_line, "unknown");
+       (void) pam_get_item(pamh, PAM_TTY, (const void **)&cur_tty);
+       if (!cur_tty)
+           strcpy(faillog.fail_line, "unknown");
+       else {
+           strncpy(faillog.fail_line, cur_tty, (size_t)sizeof(faillog.fail_line));
+           faillog.fail_line[sizeof(faillog.fail_line)-1] = 0;
+       }
     }
     else
     {