version 1.82, 2010/01/13 00:19:04 |
version 1.83, 2010/01/13 23:47:26 |
|
|
{ |
{ |
struct stat st; |
struct stat st; |
const char *hostname = NULL, *ipaddr = NULL; |
const char *hostname = NULL, *ipaddr = NULL; |
char *shell; |
char *shell, *tmp, *chroot_path; |
u_int i; |
u_int i; |
|
|
/* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
/* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
|
|
* Get the shell from the password data. An empty shell field is |
* Get the shell from the password data. An empty shell field is |
* legal, and means /bin/sh. |
* legal, and means /bin/sh. |
*/ |
*/ |
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; |
shell = xstrdup((pw->pw_shell[0] == '\0') ? |
|
_PATH_BSHELL : pw->pw_shell); |
|
|
|
/* |
|
* Amend shell if chroot is requested. |
|
*/ |
|
if (options.chroot_directory != NULL && |
|
strcasecmp(options.chroot_directory, "none") != 0) { |
|
tmp = tilde_expand_filename(options.chroot_directory, |
|
pw->pw_uid); |
|
chroot_path = percent_expand(tmp, "h", pw->pw_dir, |
|
"u", pw->pw_name, (char *)NULL); |
|
xfree(tmp); |
|
xasprintf(&tmp, "%s/%s", chroot_path, shell); |
|
xfree(shell); |
|
shell = tmp; |
|
free(chroot_path); |
|
} |
|
|
/* deny if shell does not exists or is not executable */ |
/* deny if shell does not exists or is not executable */ |
if (stat(shell, &st) != 0) { |
if (stat(shell, &st) != 0) { |
logit("User %.100s not allowed because shell %.100s does not exist", |
logit("User %.100s not allowed because shell %.100s does not exist", |
pw->pw_name, shell); |
pw->pw_name, shell); |
|
xfree(shell); |
return 0; |
return 0; |
} |
} |
if (S_ISREG(st.st_mode) == 0 || |
if (S_ISREG(st.st_mode) == 0 || |
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { |
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { |
logit("User %.100s not allowed because shell %.100s is not executable", |
logit("User %.100s not allowed because shell %.100s is not executable", |
pw->pw_name, shell); |
pw->pw_name, shell); |
|
xfree(shell); |
return 0; |
return 0; |
} |
} |
|
xfree(shell); |
|
|
if (options.num_deny_users > 0 || options.num_allow_users > 0 || |
if (options.num_deny_users > 0 || options.num_allow_users > 0 || |
options.num_deny_groups > 0 || options.num_allow_groups > 0) { |
options.num_deny_groups > 0 || options.num_allow_groups > 0) { |