The Linux/Unix-port of OpenSSH-1.2.3 in sshd.c:allowed_user() denies
Login to users with an empty shell-field in /etc/passwd. According
to the docs this is wrong and an empty shell-field should default to
/bin/sh.
I'm sure that this is what was intended, because code and comment get
it right in sshd.c:do_child():
* Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh.
A patch is attached.
Cheers, Theo
-------------- next part --------------
diff -Naur openssh-1.2.3-dist/sshd.c openssh-1.2.3/sshd.c
--- openssh-1.2.3-dist/sshd.c Fri Mar 31 23:04:10 2000
+++ openssh-1.2.3/sshd.c Fri Mar 31 23:24:21 2000
@@ -1121,6 +1121,7 @@
struct stat st;
struct group *grp;
int i;
+ char*shell;
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
#endif /* WITH_AIXAUTHENTICATE */
@@ -1129,8 +1130,9 @@
if (!pw)
return 0;
- /* deny if shell does not exists or is not executable */
- if (stat(pw->pw_shell, &st) != 0)
+ /* deny if shell is not executable, empty shell defaults to /bin/sh */
+ shell = pw->pw_shell[0] ? _PATH_BSHELL : pw->pw_shell;
+ if (stat(shell, &st) != 0)
return 0;
if (!((st.st_mode & S_IFREG) && (st.st_mode &
(S_IXOTH|S_IXUSR|S_IXGRP))))
return 0;
