don't allow kerberos root login if the root instance is missing

SCCS-vsn: usr.bin/login/login.c 8.4

diff --git a/usr/src/usr.bin/login/login.c b/usr/src/usr.bin/login/login.c
index f4b4165..371446f 100644 (file)
--- a/usr/src/usr.bin/login/login.c
+++ b/usr/src/usr.bin/login/login.c
@@ -12,7 +12,7 @@ static char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
 #endif /* not lint */
 
 #ifndef lint

-static char sccsid[] = "@(#)login.c    8.3 (Berkeley) %G%";
+static char sccsid[] = "@(#)login.c    8.4 (Berkeley) %G%";

 #endif /* not lint */
 
 /*
 #endif /* not lint */
 
 /*


@@ -259,6 +259,8 @@ main(argc, argv)
                if (pwd) {
 #ifdef KERBEROS
                        rval = klogin(pwd, instance, localhost, p);
                if (pwd) {
 #ifdef KERBEROS
                        rval = klogin(pwd, instance, localhost, p);

+                       if (rval != 0 && rootlogin && pwd->pw_uid != 0)
+                               rootlogin = 0;

                        if (rval == 0)
                                authok = 1;
                        else if (rval == 1)
                        if (rval == 0)
                                authok = 1;
                        else if (rval == 1)