]> andersk Git - openssh.git/blame_incremental - auth2.c
andersk / openssh.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
- (stevesk) OpenBSD CVS updates:
[openssh.git] / auth2.c
... / ...
CommitLineData
1/*
2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
26RCSID("$OpenBSD: auth2.c,v 1.22 2000/12/03 11:15:02 markus Exp $");
27
28#ifdef HAVE_OSF_SIA
29# include <sia.h>
30# include <siad.h>
31#endif
32
33#include <openssl/dsa.h>
34#include <openssl/rsa.h>
35#include <openssl/evp.h>
36
37#include "xmalloc.h"
38#include "rsa.h"
39#include "ssh.h"
40#include "pty.h"
41#include "packet.h"
42#include "buffer.h"
43#include "servconf.h"
44#include "compat.h"
45#include "channels.h"
46#include "bufaux.h"
47#include "ssh2.h"
48#include "auth.h"
49#include "session.h"
50#include "dispatch.h"
51#include "auth.h"
52#include "key.h"
53#include "kex.h"
54
55#include "uidswap.h"
56#include "auth-options.h"
57
58/* import */
59extern ServerOptions options;
60extern unsigned char *session_id2;
61extern int session_id2_len;
62
63#ifdef WITH_AIXAUTHENTICATE
64extern char *aixloginmsg;
65#endif
66#ifdef HAVE_OSF_SIA
67extern int saved_argc;
68extern char **saved_argv;
69#endif
70
71static Authctxt *x_authctxt = NULL;
72static int one = 1;
73
74typedef struct Authmethod Authmethod;
75struct Authmethod {
76 char *name;
77 int (*userauth)(Authctxt *authctxt);
78 int *enabled;
79};
80
81/* protocol */
82
83void input_service_request(int type, int plen, void *ctxt);
84void input_userauth_request(int type, int plen, void *ctxt);
85void protocol_error(int type, int plen, void *ctxt);
86
87
88/* helper */
89Authmethod *authmethod_lookup(const char *name);
90struct passwd *pwcopy(struct passwd *pw);
91int user_key_allowed(struct passwd *pw, Key *key);
92char *authmethods_get(void);
93
94/* auth */
95int userauth_none(Authctxt *authctxt);
96int userauth_passwd(Authctxt *authctxt);
97int userauth_pubkey(Authctxt *authctxt);
98int userauth_kbdint(Authctxt *authctxt);
99
100Authmethod authmethods[] = {
101 {"none",
102 userauth_none,
103 &one},
104 {"publickey",
105 userauth_pubkey,
106 &options.pubkey_authentication},
107 {"keyboard-interactive",
108 userauth_kbdint,
109 &options.kbd_interactive_authentication},
110 {"password",
111 userauth_passwd,
112 &options.password_authentication},
113 {NULL, NULL, NULL}
114};
115
116/*
117 * loop until authctxt->success == TRUE
118 */
119
120void
121do_authentication2()
122{
123 Authctxt *authctxt = xmalloc(sizeof(*authctxt));
124 memset(authctxt, 'a', sizeof(*authctxt));
125 authctxt->valid = 0;
126 authctxt->attempt = 0;
127 authctxt->success = 0;
128 x_authctxt = authctxt; /*XXX*/
129
130#ifdef KRB4
131 /* turn off kerberos, not supported by SSH2 */
132 options.kerberos_authentication = 0;
133#endif
134 dispatch_init(&protocol_error);
135 dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
136 dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
137 do_authenticated2();
138}
139
140void
141protocol_error(int type, int plen, void *ctxt)
142{
143 log("auth: protocol error: type %d plen %d", type, plen);
144 packet_start(SSH2_MSG_UNIMPLEMENTED);
145 packet_put_int(0);
146 packet_send();
147 packet_write_wait();
148}
149
150void
151input_service_request(int type, int plen, void *ctxt)
152{
153 Authctxt *authctxt = ctxt;
154 unsigned int len;
155 int accept = 0;
156 char *service = packet_get_string(&len);
157 packet_done();
158
159 if (authctxt == NULL)
160 fatal("input_service_request: no authctxt");
161
162 if (strcmp(service, "ssh-userauth") == 0) {
163 if (!authctxt->success) {
164 accept = 1;
165 /* now we can handle user-auth requests */
166 dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
167 }
168 }
169 /* XXX all other service requests are denied */
170
171 if (accept) {
172 packet_start(SSH2_MSG_SERVICE_ACCEPT);
173 packet_put_cstring(service);
174 packet_send();
175 packet_write_wait();
176 } else {
177 debug("bad service request %s", service);
178 packet_disconnect("bad service request %s", service);
179 }
180 xfree(service);
181}
182
183void
184input_userauth_request(int type, int plen, void *ctxt)
185{
186 Authctxt *authctxt = ctxt;
187 Authmethod *m = NULL;
188 char *user, *service, *method;
189 int authenticated = 0;
190
191 if (authctxt == NULL)
192 fatal("input_userauth_request: no authctxt");
193 if (authctxt->attempt++ >= AUTH_FAIL_MAX) {
194#ifdef WITH_AIXAUTHENTICATE
195 loginfailed(authctxt->user?authctxt->user:"NOUSER",
196 get_canonical_hostname(), "ssh");
197#endif /* WITH_AIXAUTHENTICATE */
198 packet_disconnect("too many failed userauth_requests");
199 }
200
201 user = packet_get_string(NULL);
202 service = packet_get_string(NULL);
203 method = packet_get_string(NULL);
204 debug("userauth-request for user %s service %s method %s", user, service, method);
205 debug("attempt #%d", authctxt->attempt);
206
207 if (authctxt->attempt == 1) {
208 /* setup auth context */
209 struct passwd *pw = NULL;
210 setproctitle("%s", user);
211 pw = getpwnam(user);
212 if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
213 authctxt->pw = pwcopy(pw);
214 authctxt->valid = 1;
215 debug2("input_userauth_request: setting up authctxt for %s", user);
216#ifdef USE_PAM
217 start_pam(pw);
218#endif
219 } else {
220 log("input_userauth_request: illegal user %s", user);
221 }
222 authctxt->user = xstrdup(user);
223 authctxt->service = xstrdup(service);
224 } else if (authctxt->valid) {
225 if (strcmp(user, authctxt->user) != 0 ||
226 strcmp(service, authctxt->service) != 0) {
227 log("input_userauth_request: missmatch: (%s,%s)!=(%s,%s)",
228 user, service, authctxt->user, authctxt->service);
229 authctxt->valid = 0;
230 }
231 }
232
233 m = authmethod_lookup(method);
234 if (m != NULL) {
235 debug2("input_userauth_request: try method %s", method);
236 authenticated = m->userauth(authctxt);
237 } else {
238 debug2("input_userauth_request: unsupported method %s", method);
239 }
240 if (!authctxt->valid && authenticated == 1) {
241 log("input_userauth_request: INTERNAL ERROR: authenticated invalid user %s service %s", user, method);
242 authenticated = 0;
243 }
244
245 /* Special handling for root */
246 if (authenticated == 1 &&
247 authctxt->valid && authctxt->pw->pw_uid == 0 && !options.permit_root_login) {
248 authenticated = 0;
249 log("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname());
250 }
251
252#ifdef USE_PAM
253 if (authenticated && authctxt->user && !do_pam_account(authctxt->user, NULL))
254 authenticated = 0;
255#endif /* USE_PAM */
256
257 /* Log before sending the reply */
258 userauth_log(authctxt, authenticated, method);
259 userauth_reply(authctxt, authenticated);
260
261 xfree(service);
262 xfree(user);
263 xfree(method);
264}
265
266
267void
268userauth_log(Authctxt *authctxt, int authenticated, char *method)
269{
270 void (*authlog) (const char *fmt,...) = verbose;
271 char *user = NULL, *authmsg = NULL;
272
273 /* Raise logging level */
274 if (authenticated == 1 ||
275 !authctxt->valid ||
276 authctxt->attempt >= AUTH_FAIL_LOG ||
277 strcmp(method, "password") == 0)
278 authlog = log;
279
280 if (authenticated == 1) {
281 authmsg = "Accepted";
282 } else if (authenticated == 0) {
283 authmsg = "Failed";
284 } else {
285 authmsg = "Postponed";
286 }
287
288 if (authctxt->valid) {
289 user = authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user;
290 } else {
291 user = "NOUSER";
292 }
293
294 authlog("%s %s for %.200s from %.200s port %d ssh2",
295 authmsg,
296 method,
297 user,
298 get_remote_ipaddr(),
299 get_remote_port());
300}
301
302void
303userauth_reply(Authctxt *authctxt, int authenticated)
304{
305 /* XXX todo: check if multiple auth methods are needed */
306 if (authenticated == 1) {
307#ifdef WITH_AIXAUTHENTICATE
308 /* We don't have a pty yet, so just label the line as "ssh" */
309 if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
310 get_canonical_hostname(), "ssh", &aixloginmsg) < 0)
311 aixloginmsg = NULL;
312#endif /* WITH_AIXAUTHENTICATE */
313 /* turn off userauth */
314 dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
315 packet_start(SSH2_MSG_USERAUTH_SUCCESS);
316 packet_send();
317 packet_write_wait();
318 /* now we can break out */
319 authctxt->success = 1;
320 } else if (authenticated == 0) {
321 char *methods = authmethods_get();
322 packet_start(SSH2_MSG_USERAUTH_FAILURE);
323 packet_put_cstring(methods);
324 packet_put_char(0); /* XXX partial success, unused */
325 packet_send();
326 packet_write_wait();
327 xfree(methods);
328 } else {
329 /* do nothing, we did already send a reply */
330 }
331}
332
333int
334userauth_none(Authctxt *authctxt)
335{
336 /* disable method "none", only allowed one time */
337 Authmethod *m = authmethod_lookup("none");
338 if (m != NULL)
339 m->enabled = NULL;
340 packet_done();
341
342 if (authctxt->valid == 0)
343 return(0);
344
345#ifdef HAVE_CYGWIN
346 if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
347 return(0);
348#endif
349#ifdef USE_PAM
350 return auth_pam_password(authctxt->pw, "");
351#elif defined(HAVE_OSF_SIA)
352 return (sia_validate_user(NULL, saved_argc, saved_argv,
353 get_canonical_hostname(), authctxt->user?authctxt->user:"NOUSER",
354 NULL, 0, NULL, "") == SIASUCCESS);
355#else /* !HAVE_OSF_SIA && !USE_PAM */
356 return auth_password(authctxt->pw, "");
357#endif /* USE_PAM */
358}
359
360int
361userauth_passwd(Authctxt *authctxt)
362{
363 char *password;
364 int authenticated = 0;
365 int change;
366 unsigned int len;
367 change = packet_get_char();
368 if (change)
369 log("password change not supported");
370 password = packet_get_string(&len);
371 packet_done();
372 if (authctxt->valid &&
373#ifdef HAVE_CYGWIN
374 check_nt_auth(1, authctxt->pw->pw_uid) &&
375#endif
376#ifdef USE_PAM
377 auth_pam_password(authctxt->pw, password) == 1)
378#elif defined(HAVE_OSF_SIA)
379 sia_validate_user(NULL, saved_argc, saved_argv,
380 get_canonical_hostname(), authctxt->user?authctxt->user:"NOUSER",
381 NULL, 0, NULL, password) == SIASUCCESS)
382#else /* !USE_PAM && !HAVE_OSF_SIA */
383 auth_password(authctxt->pw, password) == 1)
384#endif /* USE_PAM */
385 authenticated = 1;
386 memset(password, 0, len);
387 xfree(password);
388 return authenticated;
389}
390
391int
392userauth_kbdint(Authctxt *authctxt)
393{
394 int authenticated = 0;
395 char *lang = NULL;
396 char *devs = NULL;
397
398 lang = packet_get_string(NULL);
399 devs = packet_get_string(NULL);
400 packet_done();
401
402 debug("keyboard-interactive language %s devs %s", lang, devs);
403#ifdef USE_PAM
404 if (authenticated == 0)
405 authenticated = auth2_pam(authctxt);
406#endif
407#ifdef SKEY
408 /* XXX hardcoded, we should look at devs */
409 if (authenticated == 0)
410 if (options.skey_authentication != 0)
411 authenticated = auth2_skey(authctxt);
412#endif
413 xfree(lang);
414 xfree(devs);
415#ifdef HAVE_CYGWIN
416 if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
417 return(0);
418#endif
419 return authenticated;
420}
421
422int
423userauth_pubkey(Authctxt *authctxt)
424{
425 Buffer b;
426 Key *key;
427 char *pkalg, *pkblob, *sig;
428 unsigned int alen, blen, slen;
429 int have_sig, pktype;
430 int authenticated = 0;
431
432 if (!authctxt->valid) {
433 debug2("userauth_pubkey: disabled because of invalid user");
434 return 0;
435 }
436 have_sig = packet_get_char();
437 if (datafellows & SSH_BUG_PKAUTH) {
438 debug2("userauth_pubkey: SSH_BUG_PKAUTH");
439 /* no explicit pkalg given */
440 pkblob = packet_get_string(&blen);
441 buffer_init(&b);
442 buffer_append(&b, pkblob, blen);
443 /* so we have to extract the pkalg from the pkblob */
444 pkalg = buffer_get_string(&b, &alen);
445 buffer_free(&b);
446 } else {
447 pkalg = packet_get_string(&alen);
448 pkblob = packet_get_string(&blen);
449 }
450 pktype = key_type_from_name(pkalg);
451 if (pktype == KEY_UNSPEC) {
452 /* this is perfectly legal */
453 log("userauth_pubkey: unsupported public key algorithm: %s", pkalg);
454 xfree(pkalg);
455 xfree(pkblob);
456 return 0;
457 }
458 key = key_from_blob(pkblob, blen);
459 if (key != NULL) {
460 if (have_sig) {
461 sig = packet_get_string(&slen);
462 packet_done();
463 buffer_init(&b);
464 if (datafellows & SSH_OLD_SESSIONID) {
465 buffer_append(&b, session_id2, session_id2_len);
466 } else {
467 buffer_put_string(&b, session_id2, session_id2_len);
468 }
469 /* reconstruct packet */
470 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
471 buffer_put_cstring(&b, authctxt->user);
472 buffer_put_cstring(&b,
473 datafellows & SSH_BUG_PKSERVICE ?
474 "ssh-userauth" :
475 authctxt->service);
476 if (datafellows & SSH_BUG_PKAUTH) {
477 buffer_put_char(&b, have_sig);
478 } else {
479 buffer_put_cstring(&b, "publickey");
480 buffer_put_char(&b, have_sig);
481 buffer_put_cstring(&b, key_ssh_name(key));
482 }
483 buffer_put_string(&b, pkblob, blen);
484#ifdef DEBUG_PK
485 buffer_dump(&b);
486#endif
487 /* test for correct signature */
488 if (user_key_allowed(authctxt->pw, key) &&
489 key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
490 authenticated = 1;
491 buffer_clear(&b);
492 xfree(sig);
493 } else {
494 debug("test whether pkalg/pkblob are acceptable");
495 packet_done();
496
497 /* XXX fake reply and always send PK_OK ? */
498 /*
499 * XXX this allows testing whether a user is allowed
500 * to login: if you happen to have a valid pubkey this
501 * message is sent. the message is NEVER sent at all
502 * if a user is not allowed to login. is this an
503 * issue? -markus
504 */
505 if (user_key_allowed(authctxt->pw, key)) {
506 packet_start(SSH2_MSG_USERAUTH_PK_OK);
507 packet_put_string(pkalg, alen);
508 packet_put_string(pkblob, blen);
509 packet_send();
510 packet_write_wait();
511 authenticated = -1;
512 }
513 }
514 if (authenticated != 1)
515 auth_clear_options();
516 key_free(key);
517 }
518 debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
519 xfree(pkalg);
520 xfree(pkblob);
521#ifdef HAVE_CYGWIN
522 if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
523 return(0);
524#endif
525 return authenticated;
526}
527
528/* get current user */
529
530struct passwd*
531auth_get_user(void)
532{
533 return (x_authctxt != NULL && x_authctxt->valid) ? x_authctxt->pw : NULL;
534}
535
536#define DELIM ","
537
538char *
539authmethods_get(void)
540{
541 Authmethod *method = NULL;
542 unsigned int size = 0;
543 char *list;
544
545 for (method = authmethods; method->name != NULL; method++) {
546 if (strcmp(method->name, "none") == 0)
547 continue;
548 if (method->enabled != NULL && *(method->enabled) != 0) {
549 if (size != 0)
550 size += strlen(DELIM);
551 size += strlen(method->name);
552 }
553 }
554 size++; /* trailing '\0' */
555 list = xmalloc(size);
556 list[0] = '\0';
557
558 for (method = authmethods; method->name != NULL; method++) {
559 if (strcmp(method->name, "none") == 0)
560 continue;
561 if (method->enabled != NULL && *(method->enabled) != 0) {
562 if (list[0] != '\0')
563 strlcat(list, DELIM, size);
564 strlcat(list, method->name, size);
565 }
566 }
567 return list;
568}
569
570Authmethod *
571authmethod_lookup(const char *name)
572{
573 Authmethod *method = NULL;
574 if (name != NULL)
575 for (method = authmethods; method->name != NULL; method++)
576 if (method->enabled != NULL &&
577 *(method->enabled) != 0 &&
578 strcmp(name, method->name) == 0)
579 return method;
580 debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
581 return NULL;
582}
583
584/* return 1 if user allows given key */
585int
586user_key_allowed(struct passwd *pw, Key *key)
587{
588 char line[8192], file[1024];
589 int found_key = 0;
590 FILE *f;
591 unsigned long linenum = 0;
592 struct stat st;
593 Key *found;
594
595 if (pw == NULL)
596 return 0;
597
598 /* Temporarily use the user's uid. */
599 temporarily_use_uid(pw->pw_uid);
600
601 /* The authorized keys. */
602 snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
603 SSH_USER_PERMITTED_KEYS2);
604
605 /* Fail quietly if file does not exist */
606 if (stat(file, &st) < 0) {
607 /* Restore the privileged uid. */
608 restore_uid();
609 return 0;
610 }
611 /* Open the file containing the authorized keys. */
612 f = fopen(file, "r");
613 if (!f) {
614 /* Restore the privileged uid. */
615 restore_uid();
616 return 0;
617 }
618 if (options.strict_modes) {
619 int fail = 0;
620 char buf[1024];
621 /* Check open file in order to avoid open/stat races */
622 if (fstat(fileno(f), &st) < 0 ||
623 (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
624 (st.st_mode & 022) != 0) {
625 snprintf(buf, sizeof buf,
626 "%s authentication refused for %.100s: "
627 "bad ownership or modes for '%s'.",
628 key_type(key), pw->pw_name, file);
629 fail = 1;
630 } else {
631 /* Check path to SSH_USER_PERMITTED_KEYS */
632 int i;
633 static const char *check[] = {
634 "", SSH_USER_DIR, NULL
635 };
636 for (i = 0; check[i]; i++) {
637 snprintf(line, sizeof line, "%.500s/%.100s",
638 pw->pw_dir, check[i]);
639 if (stat(line, &st) < 0 ||
640 (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
641 (st.st_mode & 022) != 0) {
642 snprintf(buf, sizeof buf,
643 "%s authentication refused for %.100s: "
644 "bad ownership or modes for '%s'.",
645 key_type(key), pw->pw_name, line);
646 fail = 1;
647 break;
648 }
649 }
650 }
651 if (fail) {
652 fclose(f);
653 log("%s",buf);
654 restore_uid();
655 return 0;
656 }
657 }
658 found_key = 0;
659 found = key_new(key->type);
660
661 while (fgets(line, sizeof(line), f)) {
662 char *cp, *options = NULL;
663 linenum++;
664 /* Skip leading whitespace, empty and comment lines. */
665 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
666 ;
667 if (!*cp || *cp == '\n' || *cp == '#')
668 continue;
669
670 if (key_read(found, &cp) == -1) {
671 /* no key? check if there are options for this key */
672 int quoted = 0;
673 debug2("user_key_allowed: check options: '%s'", cp);
674 options = cp;
675 for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
676 if (*cp == '\\' && cp[1] == '"')
677 cp++; /* Skip both */
678 else if (*cp == '"')
679 quoted = !quoted;
680 }
681 /* Skip remaining whitespace. */
682 for (; *cp == ' ' || *cp == '\t'; cp++)
683 ;
684 if (key_read(found, &cp) == -1) {
685 debug2("user_key_allowed: advance: '%s'", cp);
686 /* still no key? advance to next line*/
687 continue;
688 }
689 }
690 if (key_equal(found, key) &&
691 auth_parse_options(pw, options, linenum) == 1) {
692 found_key = 1;
693 debug("matching key found: file %s, line %ld",
694 file, linenum);
695 break;
696 }
697 }
698 restore_uid();
699 fclose(f);
700 key_free(found);
701 return found_key;
702}
703
704struct passwd *
705pwcopy(struct passwd *pw)
706{
707 struct passwd *copy = xmalloc(sizeof(*copy));
708 memset(copy, 0, sizeof(*copy));
709 copy->pw_name = xstrdup(pw->pw_name);
710 copy->pw_passwd = xstrdup(pw->pw_passwd);
711 copy->pw_uid = pw->pw_uid;
712 copy->pw_gid = pw->pw_gid;
713#ifdef HAVE_PW_CLASS_IN_PASSWD
714 copy->pw_class = xstrdup(pw->pw_class);
715#endif
716 copy->pw_dir = xstrdup(pw->pw_dir);
717 copy->pw_shell = xstrdup(pw->pw_shell);
718 return copy;
719}
git-cvsimport mirror of OpenSSH
This page took 0.301694 seconds and 5 git commands to generate.