Group :: System/Base
RPM: SimplePAMApps
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: SimplePAMApps-0.60-alt-login-do-not-set-PAM_RUSER-and-PAM_RHOST.patch
Download
Download
From 4c2f92118562a0c625ecadd3cf442d8673c669a7 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Fri, 3 Jul 2020 08:00:00 +0000
Subject: [PATCH] login: do not set PAM_RUSER and PAM_RHOST unnecessarily
Do not set PAM_RUSER to "[system]", it makes no sense.
Do not set PAM_RHOST unless -h option is specified,
this fixes PAM_TTY support in pam_access because
PAM_RHOST has a higher priority than PAM_TTY in pam_access.
Resolves: https://bugzilla.altlinux.org/38655
---
SimplePAMApps/pamapps/login/login.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/SimplePAMApps/pamapps/login/login.c b/SimplePAMApps/pamapps/login/login.c
index 4dee826..815cbb2 100644
--- a/SimplePAMApps/pamapps/login/login.c
+++ b/SimplePAMApps/pamapps/login/login.c
@@ -115,8 +115,7 @@ static pam_handle_t *pamh=NULL;
static char const *user=NULL;
static const char *terminal_name=NULL;
static int login_flags=0;
-static const char *login_remote_host="localhost";
-static const char *login_remote_user="[system]";
+static const char *login_remote_host=NULL;
static const char *login_prompt = "login: "; /* default first time round */
static const char *user_prompt = "login: "; /* default second, third... */
@@ -493,12 +492,12 @@ void main(int argc, const char **argv)
D(("login prompt: %s", login_prompt));
retval = pam_set_item( pamh, PAM_USER_PROMPT
, (const void *) login_prompt );
- D(("rhost: %s", login_remote_host));
- (void) pam_set_item(pamh, PAM_RHOST
- , (const void *) login_remote_host );
- D(("requesting user: %s", login_remote_user));
- (void) pam_set_item(pamh, PAM_RUSER
- , (const void *) login_remote_user );
+ if (login_remote_host)
+ {
+ D(("rhost: %s", login_remote_host));
+ (void) pam_set_item(pamh, PAM_RHOST
+ , (const void *) login_remote_host );
+ }
D(("terminal[%p]: %s", pamh, terminal_name));
(void) pam_set_item( pamh, PAM_TTY, (const void *) terminal_name );
}
--
ldv