+2005-09-23 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_access/pam_access.c (from_match): Support NULL from.
+ (string_match): Support NULL string, add NONE keyword matching it.
+ (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
+ * modules/pam_access/access.conf: NONE keyword description
+ * modules/pam_access/README: NONE keyword description
+
2005-09-22 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session,
# The third field should be a list of one or more tty names (for
# non-networked logins), host names, domain names (begin with "."), host
# addresses, internet network numbers (end with "."), ALL (always
-# matches) or LOCAL (matches any string that does not contain a "."
-# character).
+# matches), NONE (matches no tty on non-networked logins) or
+# LOCAL (matches any string that does not contain a "." character).
#
# If you run NIS you can use @netgroupname in host or user patterns; this
# even works for @usergroup@@hostgroup patterns. Weird.
# The third field should be a list of one or more tty names (for
# non-networked logins), host names, domain names (begin with "."), host
# addresses, internet network numbers (end with "."), ALL (always
-# matches) or LOCAL (matches any string that does not contain a "."
-# character).
+# matches), NONE (matches no tty on non-networked logins) or
+# LOCAL (matches any string that does not contain a "." character).
#
# If you run NIS you can use @netgroupname in host or user patterns; this
# even works for @usergroup@@hostgroup patterns. Weird.
* if it matches the head of the string.
*/
- if (tok[0] == '@') { /* netgroup */
+ if (string != NULL && tok[0] == '@') { /* netgroup */
return (netgroup_match(tok + 1, string, (char *) 0));
- } else if (string_match (tok, string)) /* ALL or exact match */
- return YES;
- else if (tok[0] == '.') { /* domain: match last fields */
+ } else if (string_match(tok, string)) { /* ALL or exact match */
+ return (YES);
+ } else if (string == NULL) {
+ return (NO);
+ } else if (tok[0] == '.') { /* domain: match last fields */
if ((str_len = strlen(string)) > (tok_len = strlen(tok))
&& strcasecmp(tok, string + str_len - tok_len) == 0)
return (YES);
/*
* If the token has the magic value "ALL" the match always succeeds.
* Otherwise, return YES if the token fully matches the string.
+ * "NONE" token matches NULL string.
*/
if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
return (YES);
- } else if (strcasecmp(tok, string) == 0) { /* try exact match */
+ } else if (string != NULL) {
+ if (strcasecmp(tok, string) == 0) { /* try exact match */
+ return (YES);
+ }
+ } else if (strcasecmp(tok, "NONE") == 0) {
return (YES);
}
return (NO);
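Review bot: The comment added above this chain says only that NONE matches a NULL string, which leaves two behaviours of the new code undocumented. ALL still returns YES when `string` is NULL, and when `string` is non-NULL a NONE token falls into the ordinary exact-match branch, so an origin literally named "none" would match it. I would extend the comment along the lines of `* "NONE" matches only a NULL string (no origin known); "ALL" matches a NULL string as well.` The start of string_match is outside the hunk, so whether callers other than from_match can pass NULL cannot be checked from here.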
|| void_from == NULL) {
D(("PAM_TTY not set, probing stdin"));
from = ttyname(STDIN_FILENO);
- if (from == NULL) {
- pam_syslog(pamh, LOG_ERR, "couldn't get the tty name");
- return PAM_ABORT;
- }
- if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
- return PAM_ABORT;
- }
+ if (from != NULL) {
+ if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
+ return PAM_ABORT;
+ }
+ }
}
else
from = void_from;
- if (from[0] == '/') { /* full path */
+ if (from != NULL && from[0] == '/') { /* full path */
from++;
from = strchr(from, '/');
from++;
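Review bot: When ttyname() returns NULL, the new code neither returns PAM_ABORT nor logs anything, so `from` stays NULL for the rest of pam_sm_acct_mgmt (which continues outside the hunk) and the access decision for a session with no known origin is made silently. As far as the from_match and string_match changes show, such a session is matched only by ALL and NONE, so the outcome now depends on the rule set rather than failing closed. I would keep an audit trail in an `else` of the new `if (from != NULL)`, for example `pam_syslog(pamh, LOG_DEBUG, "cannot determine tty name, matching origin as NONE");`. Separately, the unchanged lines after the new NULL guard still do `from = strchr(from, '/'); from++;` without checking the strchr() result, so a PAM_TTY value whose only slash is the leading one would presumably increment a NULL pointer. Assigning the result to a temporary and advancing only when it is non-NULL (`if (p != NULL) from = p + 1;`) would close that.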