
Pluggable Auth Modules

Tracker: Bugs

5 0.75: pam_limits user maxlogins is off-by-one - ID: 493294
Last Update: Comment added ( nobody )

Setting a maximum number of logins using the pam_limits
module results in an off-by-one number of logins. The
user is allowed to log in once too often.

Create an entry in /etc/security/limits.conf like:

testuser - maxlogins 1

and test. testuser can log in twice.

The attached patch is tested to fix it in pam-0.74 and
pam CVS.

Explanation:
in check_logins(), there is a loop over the utmp
entries that increments count. count is then checked
against limit -- however it should use >= instead of >
because the current login isn't complete, and hence
isn't written to the utmp file yet.


Berend De Schouwer ( bdeschouwer ) - 2001-12-14 13:50

5

Closed

Fixed

Andrew G. Morgan

modules

bugfix

Public


Comments ( 3 )




Date: 2007-10-06 09:15
Sender: nobody

Logged In: NO

How to use the patch file? And my pam version is pam-0.75-51.


Date: 2002-07-08 13:22
Sender: nobody

Logged In: NO

There are *lots* of patches and fixes in CVS and 0.75 has
been out for months, isn't it time for a new release? I have
55 patches in my spec file so far and looking at another one
right now because of this pam_limits bug here.


Date: 2002-01-19 07:11
Sender: agmorgan (Project Admin)

Logged In: YES
user_id=37107

So, it turns out that you are right, but there is a
legitimate reason for the behavior of the module as it was
implemented.

I've fixed the default behavior to match the one you
indicate, and also added a new module argument "utmp_early"
to make the module work as it used to.

I'd be happy if you could look over the following CVS
changes and try
the resulting module out and file any problems as a follow
up bug report.

Thanks for taking the time to point out the crux of this
problem.

Cheers

Andrew

Checking in CHANGELOG;
/cvsroot/pam/Linux-PAM/CHANGELOG,v <-- CHANGELOG
new revision: 1.120; previous revision: 1.119
done
Checking in doc/modules/pam_limits.sgml;
/cvsroot/pam/Linux-PAM/doc/modules/pam_limits.sgml,v <--
pam_limits.sgml
new revision: 1.6; previous revision: 1.5
done
Checking in modules/pam_limits/README;
/cvsroot/pam/Linux-PAM/modules/pam_limits/README,v <--
README
new revision: 1.6; previous revision: 1.5
done
Checking in modules/pam_limits/pam_limits.c;
/cvsroot/pam/Linux-PAM/modules/pam_limits/pam_limits.c,v
<-- pam_limits.c
new revision: 1.11; previous revision: 1.10
done
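
The comparison described in the report, as an added example that is not Linux-PAM's code and not the attached patch. `struct session`, `admitted_logins()` and `record_first` are hypothetical names, the table is constructed sample data, and treating `utmp_early` as "the record is already written when the check runs" is an assumption drawn from the comment above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a utmp record; the real struct utmp has more fields. */
struct session { const char *user; };

/* Returns 1 if the login is allowed, 0 if maxlogins is exceeded.
 * utmp_early == 0: the login being checked has no record yet, so reaching
 *                  the limit already means full (count >= limit).
 * utmp_early != 0: the old comparison (count > limit), for a service whose
 *                  record is already in the table when the check runs. */
int check_logins(const struct session *tab, int n, const char *user,
                 int limit, int utmp_early)
{
    int count = 0;
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i].user, user) == 0)
            count++;
    return utmp_early ? !(count > limit) : !(count >= limit);
}

/* Try `attempts` logins for testuser; returns how many are admitted.
 * record_first models a service that writes its record before the check. */
int admitted_logins(int limit, int utmp_early, int record_first, int attempts)
{
    struct session tab[16];
    int n = 0, admitted = 0;
    for (int i = 0; i < attempts && n < 16; i++) {
        if (record_first)
            tab[n++].user = "testuser";
        if (check_logins(tab, n, "testuser", limit, utmp_early)) {
            admitted++;
            if (!record_first)
                tab[n++].user = "testuser";   /* record written after admission */
        } else if (record_first) {
            n--;                              /* rejected login's record goes away */
        }
    }
    return admitted;
}

int main(void)
{
    printf("old check, maxlogins 1:   %d\n", admitted_logins(1, 1, 0, 3));
    printf("fixed check, maxlogins 1: %d\n", admitted_logins(1, 0, 0, 3));
    printf("utmp_early, record first: %d\n", admitted_logins(1, 1, 1, 3));
    return 0;
}
```

Using the fixed comparison on a service that writes its record first would refuse every login at `maxlogins 1`, which is the case the old comparison handles.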




Attached File ( 1 )

Filename Description Download
pam_limits.user.patch Download

Changes ( 6 )

Field Old Value Date By
status_id Open 2002-01-19 07:11 agmorgan
resolution_id None 2002-01-19 07:11 agmorgan
assigned_to nobody 2002-01-19 07:11 agmorgan
summary pam_limits user maxlogins is off-by-one 2002-01-19 07:11 agmorgan
close_date - 2002-01-19 07:11 agmorgan
File Added 14698: pam_limits.user.patch 2001-12-14 13:50 bdeschouwer