getusershell()

Fri Jun 6 11:25:03 EST 2003

At 11:00 AM 6/6/2003 +1000, Damien Miller wrote:
>Peter Balland wrote:
> > I was wondering if there is any chance of getusershell() functionality 
> ever
> > making it into the official OpenSSH distribution.  From searching the list
> > archives, it looks like a patch to add this support in openbsd-compat was
> > created by Damien Miller on 2001-03-18, but never seemed to be tested or
> > applied.  I think this functionality would be very helpful, and am willing
> > to take a stab at updating the patch if there is a chance of it being 
> approved.
>
>Could you refresh our collective memories as to what this patch does?
>
>-d

The patch I was referring to only adds support for the 3 functions 
getusershell(), setusershell(), and endusershell() for platforms where it 
is not supported (like IRIX.)  The functions themselves would be used to 
check that a user's shell is listed as valid in /etc/shells.  This can be 
used as an additional authorization step for auth types that benefit from it.

I could not find a patch that actually adds these routines to the 
authentication routines, but based on the following email, I believe one 
was attempted:

>List:     openssh-unix-dev
>Subject:  Re: openssh wish list for 2.6.*
>From:     Tim Rice <tim () multitalents ! net>
>Date:     2001-03-18 2:37:38
>[Download message RAW]
>
>
>03/17 CVS
>
>Undefined                       first referenced
>  symbol                             in file
>endusershell                        auth.o
>getusershell                        auth.o
>setusershell                        auth.o
>UX:ld: ERROR: sshd: fatal error: Symbol referencing errors. No output 
>written to
>  sshd
>
>Looks like more needs to be added to openbsd-compat
>
>--
>Tim Rice                                Multitalents    (707) 887-1469
>tim at multitalents.net

Peter

---
Peter Balland
balland1 at llnl.gov