- markus@cvs.openbsd.org 2001/03/17 17:27:59

[auth.c] check /etc/shells, too
2024-11-25 19:43:39 +08:00 · 2001-03-17 23:13:27 +00:00 · 2001-03-17 23:13:27 +00:00 · d69191bb4e
commit d69191bb4e
parent fea7278d90
2 changed files with 16 additions and 3 deletions
--- a/6
+++ b/6
@ -1,6 +1,10 @@
 20010318
 - (bal) Fixed scp type casing issue which causes "scp: protocol error: 
   size not delimited" fatal errors when tranfering.
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/17 17:27:59
+     [auth.c]
+     check /etc/shells, too

 20010317
 - Support usrinfo() on AIX. Based on patch from Gert Doering 
@ -4590,4 +4594,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.969 2001/03/17 18:07:46 mouring Exp $
+$Id: ChangeLog,v 1.970 2001/03/17 23:13:27 mouring Exp $
--- a/auth.c
+++ b/auth.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $");
+RCSID("$OpenBSD: auth.c,v 1.20 2001/03/17 17:27:59 markus Exp $");

 #ifdef HAVE_LOGIN_H
 #include <login.h>
@ -57,7 +57,7 @@ int
 allowed_user(struct passwd * pw)
 {
 	struct stat st;
-	char *shell;
+	char *shell, *cp;
 	int i;
 #ifdef WITH_AIXAUTHENTICATE
 	char *loginmsg;
@ -95,6 +95,15 @@ allowed_user(struct passwd * pw)
 	 */
 	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;

+	/* disallow anyone who does not have a standard shell */
+	setusershell();
+	while ((cp = getusershell()) != NULL)
+		if (strcmp(cp, shell) == 0)
+			break;
+	endusershell();
+	if (cp == NULL)
+		return 0;
+
 	/* deny if shell does not exists or is not executable */
 	if (stat(shell, &st) != 0)
 		return 0;