mirrors/openssh
0
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-11-23 18:23:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2010/01/13 23:47:26

Browse Source 
[auth.c]
     when using ChrootDirectory, make sure we test for the existence of the
     user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu;
     ok dtucker
This commit is contained in:
Darren Tucker 2010-01-15 11:44:46 +11:00
parent 75fe626489
commit 94881d8dbb
2 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -6,6 +6,11 @@
sftp.c: as above, plus add -p to get/put, and shorten their arg names
to keep the help usage nicely aligned
ok djm
- djm@cvs.openbsd.org 2010/01/13 23:47:26
[auth.c]
when using ChrootDirectory, make sure we test for the existence of the
user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu;
ok dtucker
20100114
- (djm) [platform.h] Add missing prototype for

26
auth.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.c,v 1.82 2010/01/13 00:19:04 dtucker Exp $ */
/* $OpenBSD: auth.c,v 1.83 2010/01/13 23:47:26 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -95,7 +95,7 @@ allowed_user(struct passwd * pw)
{
struct stat st;
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
char *shell;
char *shell, *tmp, *chroot_path;
u_int i;
#ifdef USE_SHADOW
struct spwd *spw = NULL;
@ -156,20 +156,40 @@ allowed_user(struct passwd * pw)
* Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh.
*/
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
shell = xstrdup((pw->pw_shell[0] == '\0') ?
_PATH_BSHELL : pw->pw_shell);
/*
* Amend shell if chroot is requested.
*/
if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0) {
tmp = tilde_expand_filename(options.chroot_directory,
pw->pw_uid);
chroot_path = percent_expand(tmp, "h", pw->pw_dir,
"u", pw->pw_name, (char *)NULL);
xfree(tmp);
xasprintf(&tmp, "%s/%s", chroot_path, shell);
xfree(shell);
shell = tmp;
free(chroot_path);
}
/* deny if shell does not exists or is not executable */
if (stat(shell, &st) != 0) {
logit("User %.100s not allowed because shell %.100s does not exist",
pw->pw_name, shell);
xfree(shell);
return 0;
}
if (S_ISREG(st.st_mode) == 0 ||
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
logit("User %.100s not allowed because shell %.100s is not executable",
pw->pw_name, shell);
xfree(shell);
return 0;
}
xfree(shell);
if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
options.num_deny_groups > 0 || options.num_allow_groups > 0) {