patch in user validation code

vsync vsync at quadium.net
Sat Apr 15 10:40:14 EST 2000


I was encountering a strange message about "faked authloop for illegal 
user".  It turned out the allowed_user function was disallowing passwd 
entries with a blank shell field, which is supposed to be equivalent
to "/bin/sh".

This patch is based on OpenSSH 1.2.3, and I have tested it on
Slackware 7.0.

--- sshd.old	Wed Apr 12 23:47:04 2000
+++ sshd.c	Thu Apr 13 00:35:54 2000
@@ -1121,6 +1121,7 @@
 	struct stat st;
 	struct group *grp;
 	int i;
+	char *shell;
 #ifdef WITH_AIXAUTHENTICATE
 	char *loginmsg;
 #endif /* WITH_AIXAUTHENTICATE */
@@ -1130,7 +1131,12 @@
 		return 0;
 
 	/* deny if shell does not exists or is not executable */
-	if (stat(pw->pw_shell, &st) != 0)
+	/* first make sure that "" == "/bin/sh", as specified in passwd(5) */
+	if (!pw->pw_shell || !strlen(pw->pw_shell))
+		shell = _PATH_BSHELL;
+	else
+		shell = pw->pw_shell;
+	if (stat(shell, &st) != 0)
 		return 0;
 	if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
 		return 0;

-- 
vsync
http://quadium.net/
Orjner.





More information about the openssh-unix-dev mailing list