
Diff for /src/usr.bin/ssh/auth.c between version 1.82 and 1.83

version 1.82, 2010/01/13 00:19:04 version 1.83, 2010/01/13 23:47:26
Line 79 
Line 79 
 {  {
         struct stat st;          struct stat st;
         const char *hostname = NULL, *ipaddr = NULL;          const char *hostname = NULL, *ipaddr = NULL;
         char *shell;          char *shell, *tmp, *chroot_path;
         u_int i;          u_int i;
   
         /* Shouldn't be called if pw is NULL, but better safe than sorry... */          /* Shouldn't be called if pw is NULL, but better safe than sorry... */
Line 90 
Line 90 
          * Get the shell from the password data.  An empty shell field is           * Get the shell from the password data.  An empty shell field is
          * legal, and means /bin/sh.           * legal, and means /bin/sh.
          */           */
         shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;          shell = xstrdup((pw->pw_shell[0] == '\0') ?
               _PATH_BSHELL : pw->pw_shell);
   
           /*
            * Amend shell if chroot is requested.
            */
           if (options.chroot_directory != NULL &&
               strcasecmp(options.chroot_directory, "none") != 0) {
                   tmp = tilde_expand_filename(options.chroot_directory,
                       pw->pw_uid);
                   chroot_path = percent_expand(tmp, "h", pw->pw_dir,
                       "u", pw->pw_name, (char *)NULL);
                   xfree(tmp);
                   xasprintf(&tmp, "%s/%s", chroot_path, shell);
                   xfree(shell);
                   shell = tmp;
                   free(chroot_path);
           }
   
         /* deny if shell does not exists or is not executable */          /* deny if shell does not exists or is not executable */
         if (stat(shell, &st) != 0) {          if (stat(shell, &st) != 0) {
                 logit("User %.100s not allowed because shell %.100s does not exist",                  logit("User %.100s not allowed because shell %.100s does not exist",
                     pw->pw_name, shell);                      pw->pw_name, shell);
                   xfree(shell);
                 return 0;                  return 0;
         }          }
         if (S_ISREG(st.st_mode) == 0 ||          if (S_ISREG(st.st_mode) == 0 ||
             (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {              (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
                 logit("User %.100s not allowed because shell %.100s is not executable",                  logit("User %.100s not allowed because shell %.100s is not executable",
                     pw->pw_name, shell);                      pw->pw_name, shell);
                   xfree(shell);
                 return 0;                  return 0;
         }          }
           xfree(shell);
   
         if (options.num_deny_users > 0 || options.num_allow_users > 0 ||          if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
             options.num_deny_groups > 0 || options.num_allow_groups > 0) {              options.num_deny_groups > 0 || options.num_allow_groups > 0) {
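Review bot: The amended check calls `stat()` on the concatenation of `chroot_path` and `shell` while the process is still outside the chroot, so any symlink along that path is resolved against the real root, not the root the session will presumably see once the chroot is entered. The existence and executable test can therefore give a different answer from what the chrooted session actually finds. I would document that next to the block, for example `/* NB: resolved before chroot(); symlinks below chroot_path are followed relative to the real root */`, and consider whether the shell test should be skipped rather than rewritten when a chroot directory is configured. Separately, the block releases `chroot_path` with `free(chroot_path);` while every other release in this section uses `xfree()`; `xfree(chroot_path);` would be consistent. The enclosing function begins and ends outside the lines shown.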
