- markus@cvs.openbsd.org 2001/03/17 17:27:59
     [auth.c]
     check /etc/shells, too
diff --git a/ChangeLog b/ChangeLog
index 183a9c6..49aec1d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 20010318
  - (bal) Fixed scp type casing issue which causes "scp: protocol error: 
    size not delimited" fatal errors when tranfering.
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/17 17:27:59
+     [auth.c]
+     check /etc/shells, too
 
 20010317
  - Support usrinfo() on AIX. Based on patch from Gert Doering 
@@ -4590,4 +4594,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.969 2001/03/17 18:07:46 mouring Exp $
+$Id: ChangeLog,v 1.970 2001/03/17 23:13:27 mouring Exp $
diff --git a/auth.c b/auth.c
index 3e31a44..14e7f7e 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.19 2001/03/02 18:54:31 deraadt Exp $");
+RCSID("$OpenBSD: auth.c,v 1.20 2001/03/17 17:27:59 markus Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -57,7 +57,7 @@
 allowed_user(struct passwd * pw)
 {
 	struct stat st;
-	char *shell;
+	char *shell, *cp;
 	int i;
 #ifdef WITH_AIXAUTHENTICATE
 	char *loginmsg;
@@ -95,6 +95,15 @@
 	 */
 	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
 
+	/* disallow anyone who does not have a standard shell */
+	setusershell();
+	while ((cp = getusershell()) != NULL)
+		if (strcmp(cp, shell) == 0)
+			break;
+	endusershell();
+	if (cp == NULL)
+		return 0;
+
 	/* deny if shell does not exists or is not executable */
 	if (stat(shell, &st) != 0)
 		return 0;
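Review bot: The added `return 0` after the getusershell() loop denies the login without recording why, so an account rejected for its shell looks the same in the logs as any other failed authentication; a log line naming pw->pw_name and the rejected shell just before that `return 0` would make the denial auditable. The comment also understates the effect: strcmp() is an exact string match against whatever getusershell() returns, so accounts deliberately given a restricted or non-interactive shell that is not listed will be locked out, and on common libc implementations getusershell() falls back to a built-in list when /etc/shells is missing. I would reword the comment to `/* deny unless pw_shell exactly matches an entry from getusershell(3) (/etc/shells, or libc's built-in defaults if the file is absent) */`. allowed_user() begins and ends outside this hunk, so whether a caller already logs the refusal is not visible here.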