search for: requirehome

...no)); ! } ! } ! else { ! if (chdir(pw->pw_dir) < 0) { fprintf(stderr, "Could not chdir to home directory %s: %s\n", pw->pw_dir, strerror(errno)); #ifdef HAVE_LOGIN_CAP *************** *** 1354,1359 **** --- 1412,1418 ---- if (login_getcapbool(lc, "requirehome", 0)) exit(1); #endif + } } if (!options.use_login) *************** *** 1613,1618 **** --- 1672,1678 ---- int success = 0; char *cmd, *subsys = packet_get_string(&len); int i; + char *idx; packet_check_eom(); log("subsystem request for %.100s&quo...

...en the user's directory can't be cd into. It does that only when chroot_directory is NULL. There is a missing check for "none" in session.c: /* Suppress missing homedir warning for chroot case */ #ifdef HAVE_LOGIN_CAP r = login_getcapbool(lc, "requirehome", 0); #endif if (r || options.chroot_directory == NULL) fprintf(stderr, "Could not chdir to home " "directory %s: %s\n", pw->pw_dir, strerror(errno)); all other checks with c...

...in=/usr/sbin/nologin:\ :cputime=1h30m:\ :datasize=8M:\ :vmemoryuse=100M:\ :stacksize=2M:\ :memorylocked=4M:\ :memoryuse=8M:\ :filesize=8M:\ :coredumpsize=8M:\ :openfiles=24:\ :maxproc=32:\ :priority=0:\ :requirehome:\ :passwordtime=91d:\ :umask=022:\ :ignoretime@:\ :label=lomac/high(high-high): === END OF LOGIN CLASS === PROGRAM RUN RESULT My label is lomac/high(high-high) filelabel(testlow) is lomac/low Try to open testlow for reading... Open for reading succee...

...uk:\ :x-ldap-binddn=cn=UnixUser,cn=Users,dc=my,dc=domain,dc=co,dc=uk:\ :x-ldap-bindpw=mypassword:\ :x-ldap-filter=(&(objectClass=user)(mail=%u)):\ :datasize-cur=512M:\ :datasize-max=infinity:\ :maxproc-max=256:\ :maxproc-cur=128:\ :requirehome@:\ :tc=default: ======================================= Note: for login_ldap to work it is necessary that the user information (minus password) is replicated on the localhost. I've done this using a relatively inelegant script which for completeness is below. I guess adding some error...

...r\'s home directory. */ - if (chdir(pw->pw_dir) < 0) + if ( +#ifdef __FreeBSD__ + !*pw->pw_dir || +#endif /* __FreeBSD__ */ + chdir(pw->pw_dir) < 0 + ) { +#ifdef __FreeBSD__ + int quiet_login = 0; +#endif /* __FreeBSD__ */ +#ifdef LOGIN_CAP + if (login_getcapbool(lc, "requirehome", 0)) { + (void)printf("Home directory not available\n"); + log("LOGIN %.200s REFUSED (HOMEDIR) ON TTY %.200s", + pw->pw_name, ttyname); + exit(254); + } +#endif /* LOGIN_CAP */ +#ifdef __FreeBSD__ + if (chdir("/") < 0) { + (void)printf("Ca...