Source-Changes-HG archive


[src/trunk]: src/dist/openpam/lib Never fail open: auth chain *must* have at ...



details:   https://anonhg.NetBSD.org/src/rev/c97924172da3
branches:  trunk
changeset: 574907:c97924172da3
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Mar 16 15:28:55 2005 +0000

description:
Never fail open: auth chain *must* have at least one required or binding
element.

diffstat:

 dist/openpam/lib/openpam_configure.c |  20 ++++++++++++++++++++
 1 files changed, 20 insertions(+), 0 deletions(-)

diffs (30 lines):

diff -r 2268a54ed4f4 -r c97924172da3 dist/openpam/lib/openpam_configure.c
--- a/dist/openpam/lib/openpam_configure.c      Wed Mar 16 15:05:25 2005 +0000
+++ b/dist/openpam/lib/openpam_configure.c      Wed Mar 16 15:28:55 2005 +0000
@@ -329,6 +329,26 @@
                if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
                        goto load_err;
        }
+#ifdef __NetBSD__
+       /*
+        * On NetBSD we require the AUTH chain to have a binding
+        * or a required module.
+        */
+       {
+               pam_chain_t *this = pamh->chains[PAM_AUTH];
+               for (; this != NULL; this = this->next)
+                       if (this->flag == PAM_BINDING ||
+                           this->flag == PAM_REQUIRED)
+                               break;
+               if (this == NULL) {
+                       openpam_log(PAM_LOG_ERROR,
+                           "No required or binding component "
+                           "in service %s, facility %s",
+                           service, _pam_facility_name[PAM_AUTH]);
+                       goto load_err;
+               }
+       }
+#endif
        return (PAM_SUCCESS);
  load_err:
        openpam_clear_chains(pamh->chains);
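
Review bot: the flag test in the new loop (`this->flag == PAM_BINDING || this->flag == PAM_REQUIRED`) leaves out PAM_REQUISITE, so an auth chain whose only mandatory entry is requisite goes to load_err even though a requisite failure also fails the chain. Either add PAM_REQUISITE to the test or extend the block comment to say the omission is deliberate. The comment would also benefit from stating the reason given in the commit message (never fail open), and from noting that the loop only establishes that a required or binding entry exists somewhere in the chain, not where it sits relative to any sufficient entries ahead of it.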


