diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-17 23:13:27 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-17 23:13:27 +0000 |
| commit | d69191bb4e93374f9818ab485d1a28fbfc0d1493 (patch) | |
| tree | 1e623ada352baee7e3681ef476e8cab536de3c92 | |
| parent | fea7278d901d7ee66b990f9c5d3ef7616c1a9c58 (diff) | |
- markus@cvs.openbsd.org 2001/03/17 17:27:59
[auth.c]
check /etc/shells, too
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth.c | 13 |
2 files changed, 16 insertions, 3 deletions
@@ -1,6 +1,10 @@ 20010318 - (bal) Fixed scp type casing issue which causes "scp: protocol error: size not delimited" fatal errors when tranfering. + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/03/17 17:27:59 + [auth.c] + check /etc/shells, too 20010317 - Support usrinfo() on AIX. Based on patch from Gert Doering @@ -4590,4 +4594,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.969 2001/03/17 18:07:46 mouring Exp $ +$Id: ChangeLog,v 1.970 2001/03/17 23:13:27 mouring Exp $ @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $"); +RCSID("$OpenBSD: auth.c,v 1.20 2001/03/17 17:27:59 markus Exp $"); #ifdef HAVE_LOGIN_H #include <login.h> @@ -57,7 +57,7 @@ int allowed_user(struct passwd * pw) { struct stat st; - char *shell; + char *shell, *cp; int i; #ifdef WITH_AIXAUTHENTICATE char *loginmsg; @@ -95,6 +95,15 @@ allowed_user(struct passwd * pw) */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; + /* disallow anyone who does not have a standard shell */ + setusershell(); + while ((cp = getusershell()) != NULL) + if (strcmp(cp, shell) == 0) + break; + endusershell(); + if (cp == NULL) + return 0; + /* deny if shell does not exists or is not executable */ if (stat(shell, &st) != 0) return 0; |