Relevant BUGIDs: 547051, 547521

Purpose of commit: bugfixes

Commit summary:
---------------
Both of these fixes inspired by use with X based services.
The first makes a TTY of the form hostname:0 work (if you specify a different
separator with the module argument "fieldsep=".
The second treats "" for a RHOST the same way it would treat a NULL value.

CHANGELOG

@@ -55,6 +55,8 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc
       patches!
 
+* pam_access: added the 'fieldsep=' argument (Bug 547051 - agmorgan),
+  made a PAM_RHOST of "" equivalent to NULL (Bug 547521 - agmorgan).
 * pam_limits: keep well know behaviour of maxlogins default ('*') limit
   (Bug 533664 - baggins)
 * pam_unix: more from Nalin log password changes (Bug 517743 - agmorgan)

doc/modules/pam_access.sgml

@@ -22,8 +22,6 @@ Alexei Nogin <alexei@nogin.dnttm.ru>
 
 <tag><bf>Maintainer:</bf></tag>
 	
-Author
-
 <tag><bf>Management groups provided:</bf></tag>
 
 account
@@ -59,7 +57,8 @@ Provides logdaemon style login access control.
 
 <tag><bf>Recognized arguments:</bf></tag>
 
-<tt>accessfile=<it>/path/to/file.conf</it></tt>
+<tt>accessfile=<it>/path/to/file.conf</it></tt>;
+<tt>fieldsep=<it>separators</it></tt>
 
 <tag><bf>Description:</bf></tag>
 
@@ -79,7 +78,17 @@ arguments:
 indicate an alternative <em/access/ configuration file to override 
 the default. This can be useful when different services need different 
 access lists. 
- 
+
+<item><tt>fieldsep=<it>separators</it></tt> -
+this option modifies the field separator character that
+<tt/pam_access/ will recognize when parsing the access configuration
+file. For example: <tt>fieldsep=|</tt> will cause the default `:'
+character to be treated as part of a field value and `|' becomes the
+field separator. Doing this is useful in conjuction with a system that
+wants to use pam_access with X based applications, since the
+<tt/PAM_TTY/ item is likely to be of the form "hostname:0" which
+includes a `:' character in its value.
+
 </itemize> 
 
 <tag><bf>Examples/suggested usage:</bf></tag>

modules/pam_access/access.conf

@@ -8,6 +8,12 @@
 # 
 # Format of the login access control table is three fields separated by a
 # ":" character:
+#
+# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so
+# module, you can change the field separation character to be
+# '|'. This is useful for configurations where you are trying to use
+# pam_access with X applications that provide PAM_TTY values that are
+# the display variable like "host:0".]
 # 
 # 	permission : users : origins
 # 

modules/pam_access/pam_access.c

@@ -87,7 +87,7 @@ int strcasecmp(const char *s1, const char *s2);
 
  /* Delimiters for fields and for lists of users, ttys or hosts. */
 
-static const char fs[] = ":";			/* field separator */
+static const char *fs = ":";			/* field separator */
 static const char sep[] = ", \t";		/* list-element separator */
 
  /* Constants to be used in assignments only, not in comparisons... */
@@ -126,7 +126,12 @@ static int parse_args(struct login_info *loginfo, int argc, const char **argv)
     int i;
 
     for (i=0; i<argc; ++i) {
-	if (!strncmp("accessfile=", argv[i], 11)) {
+	if (!strncmp("fieldsep=", argv[i], 9)) {
+
+	    /* the admin wants to override the default field separators */
+	    fs = argv[i]+9;
+
+	} else if (!strncmp("accessfile=", argv[i], 11)) {
 	    FILE *fp = fopen(11 + argv[i], "r");
 
 	    if (fp) {
@@ -427,7 +432,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
 	return PAM_ABORT;
     }
 
-    if (from==NULL) {
+    if ((from==NULL) || (*from=='\0')) {
 
         /* local login, set tty name */