20021015

 - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.

diff --git a/ChangeLog b/ChangeLog
index 3a06ff76d44ac7a9a0c8184a7f120aba3c9f99eb..315a37328240d993007658bb095b818f33550adb 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+20021015
+ - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
+
 20021015
  - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody
 
@@ -764,4 +767,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2494 2002/10/15 20:16:55 tim Exp $
+$Id: ChangeLog,v 1.2495 2002/10/16 00:13:52 mouring Exp $

diff --git a/auth.c b/auth.c
index 48720da8f295a1183af029583f2878ae2bc29457..4e1dc1641e9fc08cf69874efa9ed33006ad770ab 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -202,7 +202,13 @@ allowed_user(struct passwd * pw)
        }
 
 #ifdef WITH_AIXAUTHENTICATE
-       if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
+       /*
+        * Don't check loginrestrictions() for root account (use
+        * PermitRootLogin to control logins via ssh), or if running as
+        * non-root user (since loginrestrictions will always fail).
+        */
+       if ( (pw->pw_uid != 0) && (geteuid() == 0) &&
+           loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
                if (loginmsg && *loginmsg) {
                        /* Remove embedded newlines (if any) */
                        char *p;