Darren Tucker
2002-Sep-29 08:09 UTC
[PATCH] Only call loginrestiction on AIX if running as root
Hi All, I have found that the regression tests on AIX failed as a non-root user. This is due to a call to loginrestrictions() failing. The man page for loginrestrictions says: "Access Control:The calling process must have access to the account information in the user database and the port information in the port database." These files are: /etc/security/user, /etc/security/login.cfg and /etc/security/portlog, which are readable only by root or group "security". Please consider applying the attached patch, which calls loginrestrictions only if running as root. With this patch, AIX 4.2.1 & 4.3.3 complete the entire regression suite without sudo. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. -------------- next part -------------- Index: auth.c ==================================================================RCS file: /cvs/openssh/auth.c,v retrieving revision 1.58 diff -u -r1.58 auth.c --- auth.c 21 Sep 2002 15:26:53 -0000 1.58 +++ auth.c 29 Sep 2002 05:53:43 -0000 @@ -202,7 +202,7 @@ } #ifdef WITH_AIXAUTHENTICATE - if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { + if ((geteuid()==0) && loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { if (loginmsg && *loginmsg) { /* Remove embedded newlines (if any) */ char *p;