20021015
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
diff --git a/ChangeLog b/ChangeLog
index 3a06ff7..315a373 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
20021015
+ - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
+
+20021015
- (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody
20021004
@@ -764,4 +767,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
-$Id: ChangeLog,v 1.2494 2002/10/15 20:16:55 tim Exp $
+$Id: ChangeLog,v 1.2495 2002/10/16 00:13:52 mouring Exp $
diff --git a/auth.c b/auth.c
index 48720da..4e1dc16 100644
--- a/auth.c
+++ b/auth.c
@@ -202,7 +202,13 @@
}
#ifdef WITH_AIXAUTHENTICATE
- if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
+ /*
+ * Don't check loginrestrictions() for root account (use
+ * PermitRootLogin to control logins via ssh), or if running as
+ * non-root user (since loginrestrictions will always fail).
+ */
+ if ( (pw->pw_uid != 0) && (geteuid() == 0) &&
+ loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
if (loginmsg && *loginmsg) {
/* Remove embedded newlines (if any) */
char *p;