Darren Tucker
2002-Sep-29  08:09 UTC
[PATCH] Only call loginrestrictions on AIX if running as root
Hi All,
        I have found that the regression tests on AIX failed as a non-root
user. This is due to a call to loginrestrictions() failing.
        The man page for loginrestrictions says:
"Access Control:The calling process must have access to the account
information in the user database and the port information in the port
database."
        These files are: /etc/security/user, /etc/security/login.cfg and
/etc/security/portlog, which are readable only by root or group
"security". 
        Please consider applying the attached patch, which calls
loginrestrictions only if running as root.
        With this patch, AIX 4.2.1 & 4.3.3 complete the entire regression suite
without sudo.
-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
Index: auth.c
==================================================================RCS file:
/cvs/openssh/auth.c,v
retrieving revision 1.58
diff -u -r1.58 auth.c
--- auth.c	21 Sep 2002 15:26:53 -0000	1.58
+++ auth.c	29 Sep 2002 05:53:43 -0000
@@ -202,7 +202,7 @@
 	}
 
 #ifdef WITH_AIXAUTHENTICATE
-	if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
+	if ((geteuid()==0) && loginrestrictions(pw->pw_name, S_RLOGIN,
NULL, &loginmsg) != 0) {
 		if (loginmsg && *loginmsg) {
 			/* Remove embedded newlines (if any) */
 			char *p;
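
Review bot: On the changed `if` line, the `geteuid()==0` guard skips loginrestrictions() entirely when the process is not root, so whatever restrictions that call enforces for the account and port are silently not applied in that case. Please add a comment above the condition explaining why the check is root-only (the databases it reads are readable only by root or group "security", per the description), and emit a debug log message when the check is skipped so the fail-open path is visible. Two smaller points on the same line: the added line is split after `S_RLOGIN,` and the continuation `NULL, &loginmsg) != 0) {` has no leading `+`, so the patch will not apply as posted; and `geteuid()==0` would read better as `geteuid() == 0` without the extra parentheses, with the condition wrapped to stay within the file's line width.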
