Here's a patch for a feature I'm used to having in the old commercial
ssh.
It checks for usernames the file /etc/nologin.allow when /etc/nologin is in
place, and lets the users mentioned in /etc/nologin.allow in regardless of
/etc/nologin. This is very usefull for remote administration of servers.
Please consider applying this.
-jf
-------------- next part --------------
--- openssh-SNAP-2000082900/session.c Tue Aug 29 02:33:51 2000
+++ openssh/session.c Wed Aug 30 12:17:13 2000
@@ -943,6 +943,9 @@
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
fclose(f);
+#ifdef NOLOGINALLOW
+ if (nologin_allow(pw->pw_name) != 1)
+#endif /* NOLOGINALLOW */
exit(254);
}
}
@@ -1858,4 +1861,29 @@
server_loop2();
if (xauthfile)
xauthfile_cleanup_proc(NULL);
+}
+
+int
+nologin_allow(char *username)
+{
+ char buf[256], buf2[256];
+ FILE *f = NULL;
+
+ /* Appending an "\n" to the username since that's what it'll
read like
+ * in the file.
+ */
+ strcpy(buf2, username);
+ strcat(buf2, "\n");
+
+ f = fopen("/etc/nologin.allow", "r");
+ if (f) {
+ while (fgets(buf, sizeof(buf), f))
+ if (strcmp(buf2, buf) == 0) {
+ fputs("WARNING: Let in by /etc/nologin.allow\n", stderr);
+ fclose(f);
+ return(1);
+ }
+ fclose(f);
+ }
+ return(0);
}
