From 9b4ed6689660825a5edb3153c8608a7d15b6ee1e Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk
Date: Thu, 18 Aug 2005 11:22:19 +0000
Subject: [PATCH] Relevant BUGIDs: none Purpose of commit: bugfix Commit summary: --------------- Be fail-close on user lookups, always log failures, not just with "debug". Based on patch for Linux-PAM-0.75 from Solar Designer.
---
 CHANGELOG | 2 ++
 modules/pam_securetty/pam_securetty.c | 10 +++-------
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 25663bfc..62e26283 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -74,6 +74,8 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
 * pam_userdb: Fix regression - crash when crypt param not specified (t8m)
 * libpam: Remove pam_authenticate_secondary stub (kukuk)
 * Use autoconf/automake/libtool (kukuk)
+* pam_securetty: Be fail-close on user lookups, always log failures,
+ not just with "debug" (Solar Designer)
 0.80: Wed Jul 13 13:23:20 CEST 2005
 * pam_tally: test for NULL data before dereferencing them (t8m)
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index 7a29d956..c45ef351 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -93,15 +93,13 @@ static int securetty_perform_check(pam_handle_t *pamh, int flags, int ctrl,
 retval = pam_get_user(pamh, &username, NULL);
 if (retval != PAM_SUCCESS || username == NULL) {
- if (ctrl & PAM_DEBUG_ARG) {
- _pam_log(LOG_WARNING, "cannot determine username");
- }
+ _pam_log(LOG_WARNING, "cannot determine username");
 return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR);
 }
 user_pwd = _pammodutil_getpwnam(pamh, username);
 if (user_pwd == NULL) {
- return PAM_IGNORE;
+ return PAM_USER_UNKNOWN;
 } else if (user_pwd->pw_uid != 0) { /* If the user is not root, securetty's does not apply to them */
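Review bot: The new `return PAM_USER_UNKNOWN;` branch (user_pwd == NULL) still returns silently, although the commit summary says failures are now always logged; a line such as `_pam_log(LOG_WARNING, "cannot look up user in passwd database");` before the return would make this denial visible as well. Keep the supplied name out of that message, since a password mistyped at the login prompt would otherwise end up in syslog. Unknown names now fail here while known non-root names take the "does not apply" branch just below, so depending on how the module is stacked this may let a client tell existing accounts apart; a short comment recording that trade-off next to the return would help the next maintainer. The body of securetty_perform_check starts before and continues after this hunk.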
@@ -111,9 +109,7 @@ static int securetty_perform_check(pam_handle_t *pamh, int flags, int ctrl,
 retval = pam_get_item(pamh, PAM_TTY, &void_uttyname);
 uttyname = void_uttyname;
 if (retval != PAM_SUCCESS || uttyname == NULL) {
- if (ctrl & PAM_DEBUG_ARG) {
- _pam_log(LOG_WARNING, "cannot determine user's tty");
- }
+ _pam_log(LOG_WARNING, "cannot determine user's tty");
 return PAM_SERVICE_ERR;
 }
--
2.40.0
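Review bot: The now-unconditional warning in the `uttyname == NULL` branch has no comment explaining why it is no longer gated on `debug`. I would add one above the `_pam_log` call, for example `/* PAM_TTY missing: the check fails closed with PAM_SERVICE_ERR, so always log it */`. Judging from the earlier hunk this path is only reached for a uid 0 account, which is worth stating in the same comment so the severity of the message is clear to whoever triages it. The enclosing function starts before and continues after this hunk.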