version 1.83, 2010/01/13 23:47:26 |
version 1.84, 2010/02/09 06:18:46 |
|
|
{ |
{ |
struct stat st; |
struct stat st; |
const char *hostname = NULL, *ipaddr = NULL; |
const char *hostname = NULL, *ipaddr = NULL; |
char *shell, *tmp, *chroot_path; |
|
u_int i; |
u_int i; |
|
|
/* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
/* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
|
|
return 0; |
return 0; |
|
|
/* |
/* |
* Get the shell from the password data. An empty shell field is |
* Deny if shell does not exist or is not executable unless we |
* legal, and means /bin/sh. |
* are chrooting. |
*/ |
*/ |
shell = xstrdup((pw->pw_shell[0] == '\0') ? |
if (options.chroot_directory == NULL || |
_PATH_BSHELL : pw->pw_shell); |
strcasecmp(options.chroot_directory, "none") == 0) { |
|
char *shell = xstrdup((pw->pw_shell[0] == '\0') ? |
|
_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ |
|
|
/* |
if (stat(shell, &st) != 0) { |
* Amend shell if chroot is requested. |
logit("User %.100s not allowed because shell %.100s " |
*/ |
"does not exist", pw->pw_name, shell); |
if (options.chroot_directory != NULL && |
xfree(shell); |
strcasecmp(options.chroot_directory, "none") != 0) { |
return 0; |
tmp = tilde_expand_filename(options.chroot_directory, |
} |
pw->pw_uid); |
if (S_ISREG(st.st_mode) == 0 || |
chroot_path = percent_expand(tmp, "h", pw->pw_dir, |
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { |
"u", pw->pw_name, (char *)NULL); |
logit("User %.100s not allowed because shell %.100s " |
xfree(tmp); |
"is not executable", pw->pw_name, shell); |
xasprintf(&tmp, "%s/%s", chroot_path, shell); |
xfree(shell); |
|
return 0; |
|
} |
xfree(shell); |
xfree(shell); |
shell = tmp; |
|
free(chroot_path); |
|
} |
} |
|
|
/* deny if shell does not exists or is not executable */ |
|
if (stat(shell, &st) != 0) { |
|
logit("User %.100s not allowed because shell %.100s does not exist", |
|
pw->pw_name, shell); |
|
xfree(shell); |
|
return 0; |
|
} |
|
if (S_ISREG(st.st_mode) == 0 || |
|
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { |
|
logit("User %.100s not allowed because shell %.100s is not executable", |
|
pw->pw_name, shell); |
|
xfree(shell); |
|
return 0; |
|
} |
|
xfree(shell); |
|
|
|
if (options.num_deny_users > 0 || options.num_allow_users > 0 || |
if (options.num_deny_users > 0 || options.num_allow_users > 0 || |
options.num_deny_groups > 0 || options.num_allow_groups > 0) { |
options.num_deny_groups > 0 || options.num_allow_groups > 0) { |
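Review bot: The rewritten block comment on the 1.84 side ("Deny if shell does not exist or is not executable unless we are chrooting") does not say what stops being enforced once `options.chroot_directory` is set to something other than "none". In that case the `stat()` and `S_ISREG`/execute-bit tests are skipped entirely, whereas the 1.83 side still ran them against the shell path prefixed with the expanded chroot directory. An account whose `pw_shell` is missing or not executable is therefore no longer rejected here, which matters to anyone who disables logins by assigning an invalid shell. I would add a line to the comment such as `* With ChrootDirectory in effect the shell is not checked at all, so a missing or non-executable shell does NOT deny the user here.` The enclosing function begins and ends outside the visible section, so whether a later check covers this case cannot be confirmed from this page.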