Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 3220 From djm@test.pubnix.com Sat Jan 6 12:33:50 2001 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id MAA03876 for ; Sat, 6 Jan 2001 12:33:49 -0500 (EST) Received: from nero.test.pubnix.com by MIT.EDU with SMTP id AA26023; Sat, 6 Jan 01 12:35:34 EST Received: from gaius.test.pubnix.com (gaius.test.pubnix.com [208.211.134.154]) by nero.test.pubnix.com (Postfix) with ESMTP id D184F6D11 for ; Sat, 6 Jan 2001 12:33:48 -0500 (EST) Received: by gaius.test.pubnix.com id f06I5eh89572; Sat, 6 Jan 2001 13:05:40 -0500 (EST) Message-Id: Date: Sat, 6 Jan 2001 13:05:40 -0500 (EST) From: djm@test.pubnix.com Reply-To: djm@test.pubnix.com To: krb5-bugs@MIT.EDU Cc: Subject: kshd uses the wrong nologin path X-Send-Pr-Version: 3.99 >Number: 913 >Category: krb5-appl >Synopsis: kshd uses the wrong nologin path >Confidential: no >Severity: non-critical >Priority: low >Responsible: tlyu >State: closed >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Sat Jan 6 12:34:01 EST 2001 >Last-Modified: Fri Sep 14 17:44:15 EDT 2001 >Originator: David J. MacKenzie >Organization: >Release: krb5-1.2.1 >Environment: System: FreeBSD gaius.test.pubnix.com 4.2-STABLE FreeBSD 4.2-STABLE #4: Wed Dec 20 16:05:45 EST 2000 djm@gaius.test.pubnix.com:/usr/src/sys/compile/SERVER i386 >Description: kshd has /etc/nologin hardcoded instead of using _PATH_NOLOGIN from (if available) like login.krb5 does. As a result, on FreeBSD 4.2 these two programs end up using different paths for the nologin file (which is /var/run/nologin on FreeBSD). >How-To-Repeat: root@gaius 217 $ strings -f kshd login.krb5 | grep nologin kshd: /etc/nologin login.krb5: /var/run/nologin >Fix: --- krshd.c~ Thu Jun 29 22:27:05 2000 +++ krshd.c Sat Jan 6 12:57:23 2001 @@ -160,6 +160,16 @@ Key_schedule v4_schedule; #endif +#ifdef HAVE_PATHS_H +#include +#endif + +#if defined(_PATH_NOLOGIN) +#define NOLOGIN _PATH_NOLOGIN +#else +#define NOLOGIN "/etc/nologin" +#endif + #include "defines.h" #if HAVE_ARPA_NAMESER_H @@ -1119,7 +1129,7 @@ goto signout_please; } - if (pwd->pw_uid && !access("/etc/nologin", F_OK)) { + if (pwd->pw_uid && !access(NOLOGIN, F_OK)) { error("Logins currently disabled.\n"); goto signout_please; } >Audit-Trail: Responsible-Changed-From-To: krb5-unassigned->tlyu Responsible-Changed-By: tlyu Responsible-Changed-When: Fri Jan 26 17:54:59 2001 Responsible-Changed-Why: refiled State-Changed-From-To: open-feedback State-Changed-By: tlyu State-Changed-When: Fri Jan 26 17:55:10 2001 State-Changed-Why: patch committed. From: Tom Yu To: djm@test.pubnix.com Cc: krb5-bugs@MIT.EDU Subject: Re: krb5-appl/913: kshd uses the wrong nologin path Date: Fri, 26 Jan 2001 17:55:50 -0500 (EST) Thanks for the patch; I've checked it into our current source tree. ---Tom State-Changed-From-To: feedback-closed State-Changed-By: tlyu State-Changed-When: Fri Sep 14 17:43:11 2001 State-Changed-Why: fixed a while ago >Unformatted: