From 29cd1888873d453f28609d8b301062cbaa4ab4d8 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 22 Apr 2012 11:08:10 +1000
Subject:    - guenther@cvs.openbsd.org 2012/03/15 03:10:27      [session.c]   
   root should always be excluded from the test for /etc/nologin instead     
 of having it always enforced even when marked as ignorenologin.  This     
 regressed when the logic was incompletely flipped around in rev 1.251      ok
 halex@ millert@

---
 session.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'session.c')

diff --git a/session.c b/session.c
index 5dad26293..65bf28776 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.259 2011/10/24 02:13:13 djm Exp $ */
+/* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1390,7 +1390,7 @@ do_nologin(struct passwd *pw)
 	struct stat sb;
 
 #ifdef HAVE_LOGIN_CAP
-	if (login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
+	if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
 		return;
 	nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
 #else
-- 
cgit v1.2.3