- djm@cvs.openbsd.org 2010/02/09 06:18:46

     [auth.c]
     unbreak ChrootDirectory+internal-sftp by skipping check for executable
     shell when chrooting; reported by danh AT wzrd.com; ok dtucker@

diff --git a/ChangeLog b/ChangeLog
index 872f06e9fd41e7cbd21359e09a47a0fdca5d8dcc..db0b19df480b079bf38c45f7f0383cc79be4d7d6 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -27,6 +27,10 @@
    - djm@cvs.openbsd.org 2010/02/09 03:56:28
      [buffer.c buffer.h]
      constify the arguments to buffer_len, buffer_ptr and buffer_dump
+   - djm@cvs.openbsd.org 2010/02/09 06:18:46
+     [auth.c]
+     unbreak ChrootDirectory+internal-sftp by skipping check for executable
+     shell when chrooting; reported by danh AT wzrd.com; ok dtucker@
 
 20100210
  - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for

diff --git a/auth.c b/auth.c
index da87807a80e00a1a04e728eb313c3c2cb926ddf2..3005f815ea8733155f5ef8e7495d5ef605f5b65e 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.83 2010/01/13 23:47:26 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.84 2010/02/09 06:18:46 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -95,7 +95,6 @@ allowed_user(struct passwd * pw)
 {
        struct stat st;
        const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
-       char *shell, *tmp, *chroot_path;
        u_int i;
 #ifdef USE_SHADOW
        struct spwd *spw = NULL;
@@ -153,43 +152,29 @@ allowed_user(struct passwd * pw)
        }
 
        /*
-        * Get the shell from the password data.  An empty shell field is
-        * legal, and means /bin/sh.
+        * Deny if shell does not exist or is not executable unless we
+        * are chrooting.
         */
-       shell = xstrdup((pw->pw_shell[0] == '\0') ?
-           _PATH_BSHELL : pw->pw_shell);
-
-       /*
-        * Amend shell if chroot is requested.
-        */
-       if (options.chroot_directory != NULL &&
-           strcasecmp(options.chroot_directory, "none") != 0) {
-               tmp = tilde_expand_filename(options.chroot_directory,
-                   pw->pw_uid);
-               chroot_path = percent_expand(tmp, "h", pw->pw_dir,
-                   "u", pw->pw_name, (char *)NULL);
-               xfree(tmp);
-               xasprintf(&tmp, "%s/%s", chroot_path, shell);
-               xfree(shell);
-               shell = tmp;
-               free(chroot_path);
-       }
-
-       /* deny if shell does not exists or is not executable */
-       if (stat(shell, &st) != 0) {
-               logit("User %.100s not allowed because shell %.100s does not exist",
-                   pw->pw_name, shell);
-               xfree(shell);
-               return 0;
-       }
-       if (S_ISREG(st.st_mode) == 0 ||
-           (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
-               logit("User %.100s not allowed because shell %.100s is not executable",
-                   pw->pw_name, shell);
+       if (options.chroot_directory == NULL ||
+           strcasecmp(options.chroot_directory, "none") == 0) {
+               char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
+                   _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
+
+               if (stat(shell, &st) != 0) {
+                       logit("User %.100s not allowed because shell %.100s "
+                           "does not exist", pw->pw_name, shell);
+                       xfree(shell);
+                       return 0;
+               }
+               if (S_ISREG(st.st_mode) == 0 ||
+                   (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
+                       logit("User %.100s not allowed because shell %.100s "
+                           "is not executable", pw->pw_name, shell);
+                       xfree(shell);
+                       return 0;
+               }
                xfree(shell);
-               return 0;
        }
-       xfree(shell);
 
        if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
            options.num_deny_groups > 0 || options.num_allow_groups > 0) {