Fail closed for NetBSD. If /etc/pam.d and /etc/pam.conf are missing, then
return PAM_SYSTEM_ERR. This is done by checking that chains have at least one member.
This commit is contained in:
parent
f9f7b262bb
commit
0e59802be5
6
dist/openpam/lib/openpam_dispatch.c
vendored
6
dist/openpam/lib/openpam_dispatch.c
vendored
@ -97,6 +97,12 @@ openpam_dispatch(pam_handle_t *pamh,
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
}
|
||||
|
||||
#ifdef __NetBSD__
|
||||
/* Require chains to exist, so that we don't fail open */
|
||||
if (chain == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
#endif
|
||||
|
||||
/* execute */
|
||||
for (err = fail = 0; chain != NULL; chain = chain->next) {
|
||||
if (chain->module->func[primitive] == NULL) {
|
||||
|
Loading…
Reference in New Issue
Block a user