authorMarkus Friedl <markus@cvs.openbsd.org>2001-03-17 17:28:00 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-03-17 17:28:00 +0000
commitf5bc9c9b182a10d39e17d6511acbbdc5c5c38315 (patch)
tree54ec35a52c660de5516f2fb582bf4543fef78ae7
parent7049fe0c176e75d73e43c326f1438a16dcc7b07d (diff)
check /etc/shells, too
-rw-r--r--usr.bin/ssh/auth.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index 1f0ba30baf7..df193f0760e 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $");
+RCSID("$OpenBSD: auth.c,v 1.20 2001/03/17 17:27:59 markus Exp $");
#include "xmalloc.h"
#include "match.h"
@@ -50,7 +50,7 @@ int
allowed_user(struct passwd * pw)
{
struct stat st;
- char *shell;
+ char *shell, *cp;
int i;
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
@@ -63,6 +63,15 @@ allowed_user(struct passwd * pw)
*/
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+ /* disallow anyone who does not have a standard shell */
+ setusershell();
+ while ((cp = getusershell()) != NULL)
+ if (strcmp(cp, shell) == 0)
+ break;
+ endusershell();
+ if (cp == NULL)
+ return 0;
+
/* deny if shell does not exists or is not executable */
if (stat(shell, &st) != 0)
return 0;
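Review bot: The new rejection at `if (cp == NULL) return 0;` gives no reason, so a user refused because their shell is not in the getusershell() list would presumably look like any other failed login. A log line naming the user and the shell before that return would let an administrator diagnose it. The comment should also say what "standard" means, e.g. `/* deny unless shell is listed by getusershell(3): /etc/shells, or the libc built-in defaults when that file is unreadable */`, because the fallback list decides who gets in when /etc/shells is missing. Accounts that rely on a restricted or forced-command shell now have to be listed there as well, which is worth stating in the commit message. The body of allowed_user starts and ends outside this hunk.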