[session.c]
     Do not allow logins if /etc/nologin exists but is not readable by the user
     logging in.  Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
Darren Tucker 2010-01-12 19:45:26 +11:00
parent c6cc90b465
commit 1b0c2455da
2 changed files with 8 additions and 2 deletions


@ -27,6 +27,10 @@
[roaming_common.c] [roaming_common.c]
delete with extreme prejudice a debug() that fired with every keypress; delete with extreme prejudice a debug() that fired with every keypress;
ok dtucker deraadt ok dtucker deraadt
- dtucker@cvs.openbsd.org 2010/01/12 01:31:05
[session.c]
Do not allow logins if /etc/nologin exists but is not readable by the user
logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
20100110 20100110
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]


@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.249 2009/11/20 00:15:41 dtucker Exp $ */ /* $OpenBSD: session.c,v 1.250 2010/01/12 01:31:05 dtucker Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -1387,10 +1387,12 @@ do_nologin(struct passwd *pw)
if (pw->pw_uid) if (pw->pw_uid)
f = fopen(_PATH_NOLOGIN, "r"); f = fopen(_PATH_NOLOGIN, "r");
#endif #endif
if (f) { if (f != NULL || errno == EPERM) {
/* /etc/nologin exists. Print its contents and exit. */ /* /etc/nologin exists. Print its contents and exit. */
logit("User %.100s not allowed because %s exists", logit("User %.100s not allowed because %s exists",
pw->pw_name, _PATH_NOLOGIN); pw->pw_name, _PATH_NOLOGIN);
if (f == NULL)
exit(254);
while (fgets(buf, sizeof(buf), f)) while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr); fputs(buf, stderr);
fclose(f); fclose(f);
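Review bot: The new `errno == EPERM` test in do_nologin() probably does not match the case the commit message describes, because fopen() on a file the caller has no read permission for normally fails with EACCES rather than EPERM, so an unreadable /etc/nologin would still let the login through. errno is also read without being cleared first, and the `if (pw->pw_uid)` guard means fopen() may not run at all, so a stale value left by an earlier call can decide the outcome in either direction. Consider `errno = 0;` before the open and `if (f != NULL || errno == EACCES) {`, or an explicit stat() of _PATH_NOLOGIN so that existence is checked independently of readability. The function starts and ends outside this hunk, so the initialisation of `f` is not visible here.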