Snapshot

[Jan-Frode Myklebust]

On Mon, Sep 25, 2000 at 10:31:56AM +0200, Jan-Frode Myklebust wrote:
> On Mon, Sep 25, 2000 at 10:24:47AM +0200, Markus Friedl wrote:
> > there should be messages from sftp-server. if not you have to edit
> > sftp-server.c
> 
> Ohh.., my mistake.. (but sftpserver probably should have pointed it out to
> me). I had a /etc/nologin in place, and openssh doesn't understand
> /etc/nologin.allow yet. Guess I'll have to recreate a patch for it.
> 

Any chance of getting this patch into openssh?

It implements a function for letting users listed in /etc/nologin.allow
in when /etc/nologin is in place.


  -jf
-------------- next part --------------
--- openssh-SNAP-2000092401/session.c	Sat Sep 16 07:09:28 2000
+++ openssh/session.c	Mon Sep 25 10:42:28 2000
@@ -953,6 +953,29 @@
 #endif /* defined(HAVE_GETUSERATTR) */
 
 /*
+ * Let users in if they're listed in /etc/nologin.allow
+ */
+int
+nologin_allow(char *username)
+{
+	char buf[256];
+	FILE *f = NULL;
+	
+	f = fopen("/etc/nologin.allow", "r");
+	if (f) {
+		while (fgets(buf, sizeof(buf), f))
+			buf[strlen(buf) -1] = '\0'; /* remove trailing \n */
+			if (strcmp(buf, username) == 0) {
+				fputs("WARNING: Let in by /etc/nologin.allow\n", stderr);
+				fclose(f);
+				return(1);
+			}
+		fclose(f);
+	}
+	return(0);
+}
+
+/*
  * Performs common processing for the child, such as setting up the
  * environment, closing extra file descriptors, setting the user and group
  * ids, and executing the command or shell.
@@ -994,6 +1017,9 @@
 			while (fgets(buf, sizeof(buf), f))
 				fputs(buf, stderr);
 			fclose(f);
+#ifdef NOLOGINALLOW
+			if (nologin_allow(pw->pw_name) != 1)
+#endif /* NOLOGINALLOW */
 			exit(254);
 		}
 	}