Displaying 8 results from an estimated 8 matches for "_path_nologin".
2010 Jan 11
2
/etc/nologin must be world-readable which is not totally clear
hi, the man page for sshd(1) says about /etc/nologin: "The file
should be world-readable". However, nologin has no effect if it's not
readable by the connecting user:
if (pw->pw_uid)
f = fopen(_PATH_NOLOGIN, "r");
if (f) {
/* /etc/nologin exists. Print its contents and exit. */
...
...
return(254)
if root has a stricter mask than 022 it can easily happen that
/etc/nologin can have 0600 permissions, for example. The user would not
be able to send the file...
2002 Jun 24
1
remove --with-rsh
...6 @@
# define _PATH_MAILDIR MAILDIR
#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
-#ifndef _PATH_RSH
-# ifdef RSH_PATH
-# define _PATH_RSH RSH_PATH
-# else /* RSH_PATH */
-# define _PATH_RSH "/usr/bin/rsh"
-# endif /* RSH_PATH */
-#endif /* _PATH_RSH */
-
#ifndef _PATH_NOLOGIN
# define _PATH_NOLOGIN "/etc/nologin"
#endif
2002 Feb 04
0
[Bug 101] New: session.c modifications for correct UNICOS behavior
...+#ifndef _CRAY
+# if !defined(HAVE_OSF_SIA)
if (!options.use_login) {
-# ifdef HAVE_LOGIN_CAP
+# ifdef HAVE_LOGIN_CAP
if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
_PATH_NOLOGIN), "r");
-# else /* HAVE_LOGIN_CAP */
+# else /* HAVE_LOGIN_CAP */
if (pw->pw_uid)
f = fopen(_PATH_NOLOGIN, "r");
-# endif /* HAVE_LOGIN_CAP */
+# endif /* HAVE_LOGIN_CAP */
if...
2003 Jul 05
0
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
...pw->pw_name, msg);
}
- /* Remove trailing newline */
- *--p = '\0';
- logit("Login restricted for %s: %.100s", pw->pw_name,
- loginmsg);
+ /* Don't fail if /etc/nologin set */
+ if (!(loginrestrict_errno == EPERM &&
+ stat(_PATH_NOLOGIN, &st) == 0))
+ return 0;
}
- /* Don't fail if /etc/nologin set */
- if (!(loginrestrict_errno == EPERM &&
- stat(_PATH_NOLOGIN, &st) == 0))
- return 0;
}
#endif /* WITH_AIXAUTHENTICATE */
Index: session.c
================================================...
2002 Mar 21
0
[Bug 178] New: Content of /etc/nologin isn't shown to users, fix triggers probably AIX bug
...message in /etc/nologin we have to
! * accept him here. Otherwise the message will just be logged and the
! * user gets only a permission denied message.
! */
! if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0 &&
! (errno != EPERM ||
! stat(_PATH_NOLOGIN, &st) != 0)) {
if (loginmsg && *loginmsg) {
/* Remove embedded newlines (if any) */
char *p;
Index: session.c
===================================================================
RCS file: /usr/local/.cvs/auth/openssh/session.c,v
retrieving revision 1.1.1.7
diff -c -r1.1.1...
2003 Jul 09
0
[PATCH] Add expired password handling for AIX.
...\
defined(HAS_SHADOW_EXPIRE)
-#define DAY (24L * 60 * 60) /* 1 day in seconds */
if (!options.use_pam && (spw = getspnam(pw->pw_name)) != NULL) {
today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
@@ -221,6 +223,65 @@
stat(_PATH_NOLOGIN, &st) == 0))
return 0;
}
+ }
+
+ /*
+ * Check AIX password expiry. Only check when running as root.
+ * Unpriv'ed users can't access /etc/security/passwd or
+ * /etc/security/user so passwdexpired will always fail.
+ */
+ if (geteuid() == 0) {
+ char *msg, *user = pw->p...
2003 Jul 30
1
[PATCH] Password expiry merge (AIX parts)
...\
defined(HAS_SHADOW_EXPIRE)
-#define DAY (24L * 60 * 60) /* 1 day in seconds */
if (!options.use_pam && (spw = getspnam(pw->pw_name)) != NULL) {
today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
@@ -221,6 +223,65 @@
stat(_PATH_NOLOGIN, &st) == 0))
return 0;
}
+ }
+
+ /*
+ * Check AIX password expiry. Only check when running as root.
+ * Unpriv'ed users can't access /etc/security/passwd or
+ * /etc/security/user so passwdexpired will always fail.
+ */
+ if (geteuid() == 0) {
+ char *msg, *user = pw->p...
2000 Aug 23
14
Test snapshot
...ly a problem for "UseLogin yes".
- millert at cvs.openbsd.org 2000/08/20 12:30:59
[session.c]
Only check /etc/nologin if "UseLogin no" since login(1) may have its
own policy on determining who is allowed to login when /etc/nologin
is present. Also use the _PATH_NOLOGIN define.
- millert at cvs.openbsd.org 2000/08/20 12:42:43
[auth1.c auth2.c session.c ssh.c]
Add calls to setusercontext() and login_get*(). We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the...