Attachment #922 for bug #1045

Lines 307-312 Link Here

(-)openssh-4.0p1/sshd_config.5.ignore-nologin (+6 lines)
307	or	307	or
308	.Dq rsa	308	.Dq rsa
309	are used for version 2 of the SSH protocol.	309	are used for version 2 of the SSH protocol.
		310	.It Cm IgnoreNologin
		311	Specifies that existence of
		312	.Pa /etc/nologin
		313	file will not disable login access for users.
		314	The default is
		315	.Dq no .
310	.It Cm IgnoreRhosts	316	.It Cm IgnoreRhosts
311	Specifies that	317	Specifies that
312	.Pa .rhosts	318	.Pa .rhosts

Lines 1236-1241 Link Here

(-)openssh-4.0p1/session.c.ignore-nologin (+3 lines)
1236	FILE *f = NULL;	1236	FILE *f = NULL;
1237	char buf[1024];	1237	char buf[1024];
1238		1238
		1239	if (options.ignore_nologin)
		1240	return;
		1241
1239	#ifdef HAVE_LOGIN_CAP	1242	#ifdef HAVE_LOGIN_CAP
1240	if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)	1243	if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
1241	f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,	1244	f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,

Lines 174-179 Link Here

(-)openssh-4.0p1/sshd_config.0.ignore-nologin (+4 lines)
174	key files. ``rsa1'' keys are used for version 1 and ``dsa'' or	174	key files. ``rsa1'' keys are used for version 1 and ``dsa'' or
175	``rsa'' are used for version 2 of the SSH protocol.	175	``rsa'' are used for version 2 of the SSH protocol.
176		176
		177	IgnoreNologin
		178	Specifies that existence of /etc/nologin file will not disable
		179	login access for users. The default is ``no''.
		180
177	IgnoreRhosts	181	IgnoreRhosts
178	Specifies that .rhosts and .shosts files will not be used in	182	Specifies that .rhosts and .shosts files will not be used in
179	RhostsRSAAuthentication or HostbasedAuthentication.	183	RhostsRSAAuthentication or HostbasedAuthentication.

Lines 52-57 Link Here

(-)openssh-4.0p1/servconf.h.ignore-nologin (+1 lines)
52	* (sec). */	52	* (sec). */
53	int key_regeneration_time; /* Server key lifetime (seconds). */	53	int key_regeneration_time; /* Server key lifetime (seconds). */
54	int permit_root_login; /* PERMIT_, see above /	54	int permit_root_login; /* PERMIT_, see above /
		55	int ignore_nologin; /* Ignore /etc/nologin */
55	int ignore_rhosts; /* Ignore .rhosts and .shosts. */	56	int ignore_rhosts; /* Ignore .rhosts and .shosts. */
56	int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts	57	int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts
57	* for RhostsRsaAuth */	58	* for RhostsRsaAuth */

Lines 50-55 Link Here

(-)openssh-4.0p1/servconf.c.ignore-nologin (-1 / +8 lines)
50	options->login_grace_time = -1;	50	options->login_grace_time = -1;
51	options->key_regeneration_time = -1;	51	options->key_regeneration_time = -1;
52	options->permit_root_login = PERMIT_NOT_SET;	52	options->permit_root_login = PERMIT_NOT_SET;
		53	options->ignore_nologin = -1;
53	options->ignore_rhosts = -1;	54	options->ignore_rhosts = -1;
54	options->ignore_user_known_hosts = -1;	55	options->ignore_user_known_hosts = -1;
55	options->print_motd = -1;	56	options->print_motd = -1;
Lines 143-148 Link Here
143	options->key_regeneration_time = 3600;	144	options->key_regeneration_time = 3600;
144	if (options->permit_root_login == PERMIT_NOT_SET)	145	if (options->permit_root_login == PERMIT_NOT_SET)
145	options->permit_root_login = PERMIT_YES;	146	options->permit_root_login = PERMIT_YES;
		147	if (options->ignore_nologin == -1)
		148	options->ignore_nologin = 0;
146	if (options->ignore_rhosts == -1)	149	if (options->ignore_rhosts == -1)
147	options->ignore_rhosts = 1;	150	options->ignore_rhosts = 1;
148	if (options->ignore_user_known_hosts == -1)	151	if (options->ignore_user_known_hosts == -1)
Lines 263-269 Link Here
263	sKerberosTgtPassing, sChallengeResponseAuthentication,	266	sKerberosTgtPassing, sChallengeResponseAuthentication,
264	sPasswordAuthentication, sKbdInteractiveAuthentication,	267	sPasswordAuthentication, sKbdInteractiveAuthentication,
265	sListenAddress, sAddressFamily,	268	sListenAddress, sAddressFamily,
266	sPrintMotd, sPrintLastLog, sIgnoreRhosts,	269	sPrintMotd, sPrintLastLog, sIgnoreNologin, sIgnoreRhosts,
267	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,	270	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
268	sStrictModes, sEmptyPasswd, sTCPKeepAlive,	271	sStrictModes, sEmptyPasswd, sTCPKeepAlive,
269	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,	272	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
Lines 343-348 Link Here
343	{ "addressfamily", sAddressFamily },	346	{ "addressfamily", sAddressFamily },
344	{ "printmotd", sPrintMotd },	347	{ "printmotd", sPrintMotd },
345	{ "printlastlog", sPrintLastLog },	348	{ "printlastlog", sPrintLastLog },
		349	{ "ignorenologin", sIgnoreNologin },
346	{ "ignorerhosts", sIgnoreRhosts },	350	{ "ignorerhosts", sIgnoreRhosts },
347	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },	351	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
348	{ "x11forwarding", sX11Forwarding },	352	{ "x11forwarding", sX11Forwarding },
Lines 620-625 Link Here
620	if (*intptr == -1)	624	if (*intptr == -1)
621	*intptr = value;	625	*intptr = value;
622	break;	626	break;
		627	case sIgnoreNologin:
		628	intptr = &options->ignore_nologin;
		629	goto parse_flag;
623		630
624	case sIgnoreUserKnownHosts:	631	case sIgnoreUserKnownHosts:
625	intptr = &options->ignore_user_known_hosts;	632	intptr = &options->ignore_user_known_hosts;

Return to bug 1045