From ef7df540735d5ee8889f7f87cc74fc4ec5f4e260 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 19 May 2000 00:03:23 +1000
Subject:  - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it
 yesterday  - OpenBSD CVS updates:   - markus@cvs.openbsd.org    
 [sshconnect.c]     copy only ai_addrlen bytes; misiek@pld.org.pl     [auth.c]
     accept an empty shell in authentication; bug reported by    
 chris@tinker.ucr.edu     [serverloop.c]     we don't have stderr for
 interactive terminal sessions (fcntl errors)

---
 auth.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'auth.c')

diff --git a/auth.c b/auth.c
index c3063e42..c3baa962 100644
--- a/auth.c
+++ b/auth.c
@@ -5,7 +5,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.6 2000/04/26 21:28:31 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.7 2000/05/17 21:37:24 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -48,6 +48,7 @@ allowed_user(struct passwd * pw)
 {
 	struct stat st;
 	struct group *grp;
+	char *shell;
 	int i;
 #ifdef WITH_AIXAUTHENTICATE
 	char *loginmsg;
@@ -58,7 +59,14 @@ allowed_user(struct passwd * pw)
 		return 0;
 
 	/* deny if shell does not exists or is not executable */
-	if (stat(pw->pw_shell, &st) != 0)
+	/*
+	 * Get the shell from the password data.  An empty shell field is
+	 * legal, and means /bin/sh.
+	 */
+	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+
+	/* deny if shell does not exists or is not executable */
+	if (stat(shell, &st) != 0)
 		return 0;
 	if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
 		return 0;
-- 
cgit v1.2.3