1 files changed, 16 insertions, 21 deletions
diff --git a/auth.c b/auth.c
index 6b48addf7..d4768a154 100644
--- a/auth.c
+++ b/auth.c
@@ -54,6 +54,7 @@ RCSID("$OpenBSD: auth.c,v 1.48 2003/06/02 09:17:34 markus Exp $");
 /* import */
 extern ServerOptions options;
+extern Buffer loginmsg;
 /* Debugging messages */
 Buffer auth_debug;
@@ -75,9 +76,6 @@ allowed_user(struct passwd * pw)
        const char *hostname = NULL, *ipaddr = NULL;
        char *shell;
        int i;
-#ifdef WITH_AIXAUTHENTICATE
-        char *loginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
    defined(HAS_SHADOW_EXPIRE)
        struct spwd *spw;
@@ -206,26 +204,23 @@ allowed_user(struct passwd * pw)
         * PermitRootLogin to control logins via ssh), or if running as
         * non-root user (since loginrestrictions will always fail).
         */
-        if ((pw->pw_uid != 0) && (geteuid() == 0) &&
+        if ((pw->pw_uid != 0) && (geteuid() == 0)) {
-            loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
+                char *msg;
-                int loginrestrict_errno = errno;
+                if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
-                if (loginmsg && *loginmsg) {
+                        int loginrestrict_errno = errno;
-                        /* Remove embedded newlines (if any) */
-                        char *p;
+                        if (msg && *msg) {
-                        for (p = loginmsg; *p; p++) {
+                                buffer_append(&loginmsg, msg, strlen(msg));
-                                if (*p == '\n')
+                                aix_remove_embedded_newlines(msg);
-                                        *p = ' ';
+                                logit("Login restricted for %s: %.100s",
+                                    pw->pw_name, msg);
                        }
-                        /* Remove trailing newline */
+                        /* Don't fail if /etc/nologin  set */
-                        *--p = '\0';
+                        if (!(loginrestrict_errno == EPERM && 
-                        logit("Login restricted for %s: %.100s", pw->pw_name, 
+                            stat(_PATH_NOLOGIN, &st) == 0))
-                            loginmsg);
+                                return 0;
                }
-                /* Don't fail if /etc/nologin  set */
-                if (!(loginrestrict_errno == EPERM && 
-                    stat(_PATH_NOLOGIN, &st) == 0))
-                        return 0;
        }
 #endif /* WITH_AIXAUTHENTICATE */

diff --git a/auth.c b/auth.c index 6b48addf7..d4768a154 100644 --- a/auth.c +++ b/auth.c
@@ -54,6 +54,7 @@ RCSID("$OpenBSD: auth.c,v 1.48 2003/06/02 09:17:34 markus Exp $");
54		54
55	/* import */	55	/* import */
56	extern ServerOptions options;	56	extern ServerOptions options;
		57	extern Buffer loginmsg;
57		58
58	/* Debugging messages */	59	/* Debugging messages */
59	Buffer auth_debug;	60	Buffer auth_debug;
@@ -75,9 +76,6 @@ allowed_user(struct passwd * pw)
75	const char hostname = NULL, ipaddr = NULL;	76	const char hostname = NULL, ipaddr = NULL;
76	char *shell;	77	char *shell;
77	int i;	78	int i;
78	#ifdef WITH_AIXAUTHENTICATE
79	char *loginmsg;
80	#endif /* WITH_AIXAUTHENTICATE */
81	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \	79	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
82	defined(HAS_SHADOW_EXPIRE)	80	defined(HAS_SHADOW_EXPIRE)
83	struct spwd *spw;	81	struct spwd *spw;
@@ -206,26 +204,23 @@ allowed_user(struct passwd * pw)
206	* PermitRootLogin to control logins via ssh), or if running as	204	* PermitRootLogin to control logins via ssh), or if running as
207	* non-root user (since loginrestrictions will always fail).	205	* non-root user (since loginrestrictions will always fail).
208	*/	206	*/
209	if ((pw->pw_uid != 0) && (geteuid() == 0) &&	207	if ((pw->pw_uid != 0) && (geteuid() == 0)) {
210	loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {	208	char *msg;
211	int loginrestrict_errno = errno;	209
212		210	if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
213	if (loginmsg && *loginmsg) {	211	int loginrestrict_errno = errno;
214	/* Remove embedded newlines (if any) */	212
215	char *p;	213	if (msg && *msg) {
216	for (p = loginmsg; *p; p++) {	214	buffer_append(&loginmsg, msg, strlen(msg));
217	if (*p == '\n')	215	aix_remove_embedded_newlines(msg);
218	*p = ' ';	216	logit("Login restricted for %s: %.100s",
		217	pw->pw_name, msg);
219	}	218	}
220	/* Remove trailing newline */	219	/* Don't fail if /etc/nologin set */
221	*--p = '\0';	220	if (!(loginrestrict_errno == EPERM &&
222	logit("Login restricted for %s: %.100s", pw->pw_name,	221	stat(_PATH_NOLOGIN, &st) == 0))
223	loginmsg);	222	return 0;
224	}	223	}
225	/* Don't fail if /etc/nologin set */
226	if (!(loginrestrict_errno == EPERM &&
227	stat(_PATH_NOLOGIN, &st) == 0))
228	return 0;
229	}	224	}
230	#endif /* WITH_AIXAUTHENTICATE */	225	#endif /* WITH_AIXAUTHENTICATE */
231		226