author | Darren Tucker <dtucker@zip.com.au> | 2010-01-12 19:45:26 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2010-01-12 19:45:26 +1100 |
commit | 1b0c2455daf26b9eca30210f7628b7e4667501ad (patch) | |
tree | ff63ea5e8339474020c352515a2b095561431c06 /session.c | |
parent | c6cc90b4653ad605072f11986cdbfc8a9d968185 (diff) | |
- dtucker@cvs.openbsd.org 2010/01/12 01:31:05
[session.c]
Do not allow logins if /etc/nologin exists but is not readable by the user
logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.249 2009/11/20 00:15:41 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.250 2010/01/12 01:31:05 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -1387,10 +1387,12 @@ do_nologin(struct passwd *pw)
 if (pw->pw_uid)
 f = fopen(_PATH_NOLOGIN, "r");
 #endif
- if (f) {
+ if (f != NULL || errno == EPERM) {
 /* /etc/nologin exists. Print its contents and exit. */
 logit("User %.100s not allowed because %s exists",
 pw->pw_name, _PATH_NOLOGIN);
+ if (f == NULL)
+ exit(254);
 while (fgets(buf, sizeof(buf), f))
 fputs(buf, stderr);
 fclose(f); |
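Review bot: The added test `errno == EPERM` in the second hunk is unlikely to fire for the case the commit message describes, because on POSIX systems fopen() on a file whose mode bits deny read access fails with EACCES, so an unreadable /etc/nologin would still let the login through. errno is also read when fopen() was never called (the `pw->pw_uid` guard is false) or when it succeeded, so a stale value left by an earlier call can decide the branch. Failing closed on anything other than "file absent" is more reliable: set `errno = 0;` before the fopen() and test `if (f != NULL || (errno != 0 && errno != ENOENT)) {`, or establish existence with a stat() on the path before attempting the open. The early `exit(254)` also skips any flush of buffered output, which may be done on the normal exit path. do_nologin's body starts and ends outside the hunk, so the declaration of f and the final exit are not visible here.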