diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2001-03-17 17:28:00 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-03-17 17:28:00 +0000 |
commit | f5bc9c9b182a10d39e17d6511acbbdc5c5c38315 (patch) | |
tree | 54ec35a52c660de5516f2fb582bf4543fef78ae7 /usr.bin | |
parent | 7049fe0c176e75d73e43c326f1438a16dcc7b07d (diff) |
check /etc/shells, too
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/auth.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index 1f0ba30baf7..df193f0760e 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $"); +RCSID("$OpenBSD: auth.c,v 1.20 2001/03/17 17:27:59 markus Exp $"); #include "xmalloc.h" #include "match.h" @@ -50,7 +50,7 @@ int allowed_user(struct passwd * pw) { struct stat st; - char *shell; + char *shell, *cp; int i; /* Shouldn't be called if pw is NULL, but better safe than sorry... */ @@ -63,6 +63,15 @@ allowed_user(struct passwd * pw) */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; + /* disallow anyone who does not have a standard shell */ + setusershell(); + while ((cp = getusershell()) != NULL) + if (strcmp(cp, shell) == 0) + break; + endusershell(); + if (cp == NULL) + return 0; + /* deny if shell does not exists or is not executable */ if (stat(shell, &st) != 0) return 0; |