Fail closed for NetBSD. If /etc/pam.d and /etc/pam.conf are missing, then

return PAM_SYSTEM_ERR. This is done by checking that chains have at least
one member.
This commit is contained in:
christos 2005-01-12 01:38:23 +00:00
parent f9f7b262bb
commit 0e59802be5

View File

@ -97,6 +97,12 @@ openpam_dispatch(pam_handle_t *pamh,
RETURNC(PAM_SYSTEM_ERR);
}
#ifdef __NetBSD__
/* Require chains to exist, so that we don't fail open */
if (chain == NULL)
RETURNC(PAM_SYSTEM_ERR);
#endif
/* execute */
for (err = fail = 0; chain != NULL; chain = chain->next) {
if (chain->module->func[primitive] == NULL) {