Use the current user's login class for the decisions about where
the nologin(5) file is located and whether the user may bypass its
restriction.
Add some error checks.
Revision Changes Path
1.7 +16 -15 src/lib/libpam/modules/pam_nologin/pam_nologin.8
1.13 +42 -29 src/lib/libpam/modules/pam_nologin/pam_nologin.c
Note: To avoid POLA violation, the merged module still lets root
in irrespective of login.conf settings. In HEAD, root has to have
an explicit "ignorenologin" capability to bypass nologin(5).
PR: bin/107612
fa260264c0