- dtucker@cvs.openbsd.org 2010/01/12 01:31:05

     [session.c]
     Do not allow logins if /etc/nologin exists but is not readable by the user
     logging in.  Noted by Jan.Pechanec at Sun, ok djm@ deraadt@

1 files changed, 4 insertions, 2 deletions

diff --git a/session.c b/session.c
index 733b5a909..6cd07d4fe 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.249 2009/11/20 00:15:41 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.250 2010/01/12 01:31:05 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1387,10 +1387,12 @@ do_nologin(struct passwd *pw)
         if (pw->pw_uid)
                 f = fopen(_PATH_NOLOGIN, "r");
 #endif
-        if (f) {
+        if (f != NULL || errno == EPERM) {
                 /* /etc/nologin exists.  Print its contents and exit. */
                 logit("User %.100s not allowed because %s exists",
                     pw->pw_name, _PATH_NOLOGIN);
+                if (f == NULL)
+                        exit(254);
                 while (fgets(buf, sizeof(buf), f))
                         fputs(buf, stderr);
                 fclose(f);