author | Jan Pechanec <Jan.Pechanec@Sun.COM> | 2010-03-01 03:13:24 -0800 |
---|---|---|
committer | Jan Pechanec <Jan.Pechanec@Sun.COM> | 2010-03-01 03:13:24 -0800 |
commit | fbaf5b3e92ba3bfee8b866a9e1f3cf089e58b2ab (patch) | |
tree | 1eac6de363c4d00a8f577115a34584454225b0a5 /usr/src/cmd/ssh/sshd | |
parent | 59fb210ba43ce937b0c77d33aa95c1b386da785f (diff) | |
6875954 fork error is reported with wrong errno in sshd.c
6916082 sshd(1M) ignores nologin(4) if /etc/nologin is not world readable
Diffstat (limited to 'usr/src/cmd/ssh/sshd')
-rw-r--r-- | usr/src/cmd/ssh/sshd/session.c | 28 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sshd/sshd.c | 14 |
2 files changed, 21 insertions, 21 deletions
diff --git a/usr/src/cmd/ssh/sshd/session.c b/usr/src/cmd/ssh/sshd/session.c
index 97653a0f9d..871b06c758 100644
--- a/usr/src/cmd/ssh/sshd/session.c
+++ b/usr/src/cmd/ssh/sshd/session.c
@@ -32,7 +32,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
 
@@ -1233,29 +1233,29 @@ do_rc_files(Session *s, const char *shell)
 }
 }
 
+/* Disallow logins if /etc/nologin exists. This does not apply to root. */
 static void
 do_nologin(struct passwd *pw)
 {
 FILE *f = NULL;
 char buf[1024];
+ struct stat sb;
 
-#ifdef HAVE_LOGIN_CAP
- if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
- f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
- _PATH_NOLOGIN), "r");
-#else
- if (pw->pw_uid)
- f = fopen(_PATH_NOLOGIN, "r");
-#endif
- if (f) {
- /* /etc/nologin exists. Print its contents and exit. */
- log("User %.100s not allowed because %s exists",
- pw->pw_name, _PATH_NOLOGIN);
+ if (pw->pw_uid == 0)
+ return;
+
+ if (stat(_PATH_NOLOGIN, &sb) == -1)
+ return;
+
+ /* /etc/nologin exists. Print its contents if we can and exit. */
+ log("User %.100s not allowed because %s exists.", pw->pw_name,
+ _PATH_NOLOGIN);
+ if ((f = fopen(_PATH_NOLOGIN, "r")) != NULL) {
 while (fgets(buf, sizeof(buf), f))
 fputs(buf, stderr);
 fclose(f);
- exit(254);
 }
+ exit(254);
 }
 
 /* Chroot into ChrootDirectory if the option is set. */
diff --git a/usr/src/cmd/ssh/sshd/sshd.c b/usr/src/cmd/ssh/sshd/sshd.c
index 98e5570fee..2972d40819 100644
--- a/usr/src/cmd/ssh/sshd/sshd.c
+++ b/usr/src/cmd/ssh/sshd/sshd.c
@@ -41,7 +41,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
 
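Review bot: In the do_nologin() hunk of session.c, the early return `if (stat(_PATH_NOLOGIN, &sb) == -1) return;` treats every stat() failure as "no nologin file", so a failure other than ENOENT (EACCES or EIO, for instance) lets a non-root login proceed with nothing recorded. That is the same fail-open shape this commit removes for an unreadable file, just moved one call earlier. At minimum the unexpected case should be logged before returning, e.g. `if (errno != ENOENT) error("stat(%s): %.100s", _PATH_NOLOGIN, strerror(errno));`, assuming error() and <errno.h> are available in session.c as they are in sshd.c. Whether such errors should instead deny the login is a policy decision worth stating in the function comment. The removed HAVE_LOGIN_CAP branch also drops the "ignorenologin" and "nologin" capability lookups, which deserves a line in the commit description if intentional.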
@@ -1415,17 +1415,17 @@ main(int ac, char **av)
 break;
 }
 
+ /* Parent. Stay in the loop. */
+ if (pid < 0)
+ error("fork: %.100s", strerror(errno));
+ else
+ debug("Forked child %ld.", (long)pid);
+
 #ifdef HAVE_SOLARIS_CONTRACTS
 contracts_post_fork_parent((pid > 0));
 #endif /* HAVE_SOLARIS_CONTRACTS */
 }
 
- /* Parent. Stay in the loop. */
- if (pid < 0)
- error("fork: %.100s", strerror(errno));
- else
- debug("Forked child %ld.", (long)pid);
-
 (void) close(startup_p[1]);
 
 /* Mark that the key has been used (it was "given" to the child). */ |
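Review bot: The moved logging in main() now depends on running before `contracts_post_fork_parent()`, but nothing in the code says so, and a later reorder would silently bring back the wrong-errno report named in the commit title. A comment above the `if (pid < 0)` test would record the constraint, e.g. `/* Report fork() status before contracts_post_fork_parent(), which may change errno. */`. Capturing the value right after fork() in a local and passing that to strerror() would remove the ordering dependency altogether. The fork() call and the start of the enclosing block are outside this hunk, so whether anything else between fork() and this point can modify errno cannot be checked from here.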