
Diff for /src/usr.bin/ssh/auth.c between version 1.83 and 1.84

version 1.83, 2010/01/13 23:47:26 version 1.84, 2010/02/09 06:18:46
Line 79 
Line 79 
 {  {
         struct stat st;          struct stat st;
         const char *hostname = NULL, *ipaddr = NULL;          const char *hostname = NULL, *ipaddr = NULL;
         char *shell, *tmp, *chroot_path;  
         u_int i;          u_int i;
   
         /* Shouldn't be called if pw is NULL, but better safe than sorry... */          /* Shouldn't be called if pw is NULL, but better safe than sorry... */
Line 87 
Line 86 
                 return 0;                  return 0;
   
         /*          /*
          * Get the shell from the password data.  An empty shell field is           * Deny if shell does not exist or is not executable unless we
          * legal, and means /bin/sh.           * are chrooting.
          */           */
         shell = xstrdup((pw->pw_shell[0] == '\0') ?          if (options.chroot_directory == NULL ||
             _PATH_BSHELL : pw->pw_shell);              strcasecmp(options.chroot_directory, "none") == 0) {
                   char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
                       _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
   
         /*                  if (stat(shell, &st) != 0) {
          * Amend shell if chroot is requested.                          logit("User %.100s not allowed because shell %.100s "
          */                              "does not exist", pw->pw_name, shell);
         if (options.chroot_directory != NULL &&                          xfree(shell);
             strcasecmp(options.chroot_directory, "none") != 0) {                          return 0;
                 tmp = tilde_expand_filename(options.chroot_directory,                  }
                     pw->pw_uid);                  if (S_ISREG(st.st_mode) == 0 ||
                 chroot_path = percent_expand(tmp, "h", pw->pw_dir,                      (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
                     "u", pw->pw_name, (char *)NULL);                          logit("User %.100s not allowed because shell %.100s "
                 xfree(tmp);                              "is not executable", pw->pw_name, shell);
                 xasprintf(&tmp, "%s/%s", chroot_path, shell);                          xfree(shell);
                           return 0;
                   }
                 xfree(shell);                  xfree(shell);
                 shell = tmp;  
                 free(chroot_path);  
         }          }
   
         /* deny if shell does not exists or is not executable */  
         if (stat(shell, &st) != 0) {  
                 logit("User %.100s not allowed because shell %.100s does not exist",  
                     pw->pw_name, shell);  
                 xfree(shell);  
                 return 0;  
         }  
         if (S_ISREG(st.st_mode) == 0 ||  
             (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {  
                 logit("User %.100s not allowed because shell %.100s is not executable",  
                     pw->pw_name, shell);  
                 xfree(shell);  
                 return 0;  
         }  
         xfree(shell);  
   
         if (options.num_deny_users > 0 || options.num_allow_users > 0 ||          if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
             options.num_deny_groups > 0 || options.num_allow_groups > 0) {              options.num_deny_groups > 0 || options.num_allow_groups > 0) {
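Review bot: In the 1.84 column, the new `if (options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0)` guard skips the stat() and executable-bit test entirely once a chroot directory is configured, so an account whose pw_shell is missing or not executable is no longer rejected by this function. Sites that disable logins by pointing pw_shell at an invalid path would, as far as this hunk shows, lose that gate for chrooted users and have to rely on the deny/allow user and group lists checked just below, or on account locking. The rewritten comment says what is skipped but not the consequence; I would extend it with `/* NB: when chrooting, an invalid pw_shell does not deny login here */` and add the rationale, presumably that the path can only be resolved inside the chroot (to be confirmed by the author). The function's signature and the rest of its body lie outside the hunk.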
