Added futher checks... from theo -moj

1 files changed, 21 insertions, 2 deletions

diff --git a/libexec/rpc.yppasswdd/yppasswdd_mkpw.c b/libexec/rpc.yppasswdd/yppasswdd_mkpw.c
index d5114f03f18..621e2a1e33f 100644
--- a/libexec/rpc.yppasswdd/yppasswdd_mkpw.c
+++ b/libexec/rpc.yppasswdd/yppasswdd_mkpw.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: yppasswdd_mkpw.c,v 1.16 1997/11/17 23:56:20 gene Exp $	*/
+/*	$OpenBSD: yppasswdd_mkpw.c,v 1.17 1998/01/28 21:20:37 maja Exp $	*/
 
 /*
  * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
@@ -32,7 +32,7 @@
  */
 
 #ifndef LINT
-static char rcsid[] = "$OpenBSD: yppasswdd_mkpw.c,v 1.16 1997/11/17 23:56:20 gene Exp $";
+static char rcsid[] = "$OpenBSD: yppasswdd_mkpw.c,v 1.17 1998/01/28 21:20:37 maja Exp $";
 #endif
 
 #include <sys/param.h>
@@ -58,6 +58,23 @@ extern int make;
 extern char make_arg[];
 extern char *dir;
 
+char *
+ok_shell(name)
+	char *name;
+{
+	char *p, *sh;
+
+	setusershell();
+	while (sh = getusershell()) {
+		if (!strcmp(name, sh))
+			return (name);
+		/* allow just shell name, but use "real" path */
+		if ((p = strrchr(sh, '/')) && strcmp(name, p + 1) == 0)
+			return (sh);
+	}
+	return (NULL);
+}
+
 int
 badchars(base)
 	char *base;
@@ -169,6 +186,8 @@ make_passwd(argp)
 		goto fail;
 	if (!nogecos && badchars(argp->newpw.pw_shell))
 		goto fail;
+	if (!ok_shell(argp->newpw.pw_shell) || !ok_shell(pw.pw_shell))
+		goto fail;
 
 	/*
 	 * Get the new password.  Reset passwd change time to zero; when