- guenther@cvs.openbsd.org 2012/03/15 03:10:27

[session.c] root should always be excluded from the test for /etc/nologin instead of having it always enforced even when marked as ignorenologin. This regressed when the logic was incompletely flipped around in rev 1.251 ok halex@ millert@
2012-04-22 11:08:10 +10:00 · 2012-04-22 11:08:10 +10:00 · 29cd188887
parent a563cced06
commit 29cd188887
2 changed files with 8 additions and 2 deletions
--- a/6
+++ b/6
@ -3,6 +3,12 @@
   - djm@cvs.openbsd.org 2012/02/29 11:21:26
     [ssh-keygen.c]
     allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
+   - guenther@cvs.openbsd.org 2012/03/15 03:10:27
+     [session.c]
+     root should always be excluded from the test for /etc/nologin instead
+     of having it always enforced even when marked as ignorenologin.  This
+     regressed when the logic was incompletely flipped around in rev 1.251
+     ok halex@ millert@

 20120420
 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
--- a/session.c
+++ b/session.c
@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.259 2011/10/24 02:13:13 djm Exp $ */
+/* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@ -1390,7 +1390,7 @@ do_nologin(struct passwd *pw)
 	struct stat sb;

 #ifdef HAVE_LOGIN_CAP
-	if (login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
+	if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
 		return;
 	nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
 #else