From d69191bb4e93374f9818ab485d1a28fbfc0d1493 Mon Sep 17 00:00:00 2001
From: Ben Lindstrom
Date: Sat, 17 Mar 2001 23:13:27 +0000
Subject: [PATCH] - markus@cvs.openbsd.org 2001/03/17 17:27:59 [auth.c] check /etc/shells, too
---
 ChangeLog | 6 +++++-
 auth.c | 13 +++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 183a9c629..49aec1dd0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 20010318
 - (bal) Fixed scp type casing issue which causes "scp: protocol error: size not delimited" fatal errors when tranfering.
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/17 17:27:59
+ [auth.c]
+ check /etc/shells, too
 20010317
 - Support usrinfo() on AIX. Based on patch from Gert Doering
@@ -4590,4 +4594,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.969 2001/03/17 18:07:46 mouring Exp $
+$Id: ChangeLog,v 1.970 2001/03/17 23:13:27 mouring Exp $
diff --git a/auth.c b/auth.c
index 3e31a448d..14e7f7e71 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $");
+RCSID("$OpenBSD: auth.c,v 1.20 2001/03/17 17:27:59 markus Exp $");
 #ifdef HAVE_LOGIN_H
 #include
@@ -57,7 +57,7 @@ int
 allowed_user(struct passwd * pw)
 {
 struct stat st;
- char *shell;
+ char *shell, *cp;
 int i;
 #ifdef WITH_AIXAUTHENTICATE
 char *loginmsg;
@@ -95,6 +95,15 @@ allowed_user(struct passwd * pw)
 */
 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+ /* disallow anyone who does not have a standard shell */
+ setusershell();
+ while ((cp = getusershell()) != NULL)
+ if (strcmp(cp, shell) == 0)
+ break;
+ endusershell();
+ if (cp == NULL)
+ return 0;
+
 /* deny if shell does not exists or is not executable */
 if (stat(shell, &st) != 0)
 return 0;
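Review bot: In the `@@ -95,6 +95,15 @@` hunk of auth.c, the new shell allow-list check ends in a bare `return 0;`, so an account refused because its shell is not listed leaves no log entry explaining the denial; a log line naming `pw->pw_name` and `shell` just before that return would make these refusals diagnosable and auditable. The list is whatever `getusershell()` yields, which on common libc implementations falls back to a small built-in default set when `/etc/shells` is missing or unreadable, so the comment would be more accurate as `/* deny unless shell is listed by getusershell(): /etc/shells, or libc defaults if that file is absent */`. `cp` is also tested after `endusershell()` has run; only the pointer value is compared, but a flag set at the match (`if (strcmp(cp, shell) == 0) { found = 1; break; }` followed by `if (!found) return 0;`) avoids depending on a pointer into storage the library may already have released. The body of `allowed_user()` starts and ends outside this hunk, so whether its other denial paths log anything is not visible here.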