20021015

 - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.

2 files changed, 11 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index e8622df4..e7345aed 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+20021015
+ - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
+
 20021004
  - (bal) Disable post-authentication Privsep for OSF/1.  It conflicts with
    SIA.
@@ -761,4 +764,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2491.2.2 2002/10/05 00:14:05 mouring Exp $
+$Id: ChangeLog,v 1.2491.2.3 2002/10/16 00:12:12 mouring Exp $
diff --git a/auth.c b/auth.c
index 48720da8..4e1dc164 100644
--- a/auth.c
+++ b/auth.c
@@ -202,7 +202,13 @@ allowed_user(struct passwd * pw)
 	}
 
 #ifdef WITH_AIXAUTHENTICATE
-	if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
+	/*
+	 * Don't check loginrestrictions() for root account (use
+	 * PermitRootLogin to control logins via ssh), or if running as
+	 * non-root user (since loginrestrictions will always fail).
+	 */
+	if ( (pw->pw_uid != 0) && (geteuid() == 0) &&
+	    loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
 		if (loginmsg && *loginmsg) {
 			/* Remove embedded newlines (if any) */
 			char *p;