From 72588d2eaaa01608d271be39e547a95b0f89b4e4 Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Wed, 22 Jun 2016 13:36:16 -0700
Subject: [PATCH] Allow device-to-device SSH to establish SSH sessions

Summary:
In D16167 I required users to be logged in to be "activated", but this logic doesn't account for that properly when the user is an Almanac device (a cluster host connecting to another cluster host).

Don't do this check for device connections, they can always establish sessions.

Test Plan: Will push.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16170
---
 scripts/ssh/ssh-exec.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/scripts/ssh/ssh-exec.php b/scripts/ssh/ssh-exec.php
index 56b13ff142..5748e371cf 100755
--- a/scripts/ssh/ssh-exec.php
+++ b/scripts/ssh/ssh-exec.php
@@ -190,12 +190,14 @@ try {
       'P' => $user->getPHID(),
     ));
 
-  if (!$user->canEstablishSSHSessions()) {
-    throw new Exception(
-      pht(
-        'Your account ("%s") does not have permission to establish SSH '.
-        'sessions. Visit the web interface for more information.',
-        $user_name));
+  if (!$device) {
+    if (!$user->canEstablishSSHSessions()) {
+      throw new Exception(
+        pht(
+          'Your account ("%s") does not have permission to establish SSH '.
+          'sessions. Visit the web interface for more information.',
+          $user_name));
+    }
   }
 
   $workflows = id(new PhutilClassMapQuery())