- djm@cvs.openbsd.org 2010/01/30 02:54:53

[openssh.git] / auth.c

diff --git a/auth.c b/auth.c
index c2d298f1bf46dcca6afb44c88d69cb3684ccf285..da87807a80e00a1a04e728eb313c3c2cb926ddf2 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.79 2008/07/02 12:03:51 dtucker Exp $ */
+/* $OpenBSD: auth.c,v 1.83 2010/01/13 23:47:26 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -49,6 +49,7 @@
 #include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
+#include <unistd.h>
 
 #include "xmalloc.h"
 #include "match.h"
@@ -94,7 +95,7 @@ allowed_user(struct passwd * pw)
 {
        struct stat st;
        const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
-       char *shell;
+       char *shell, *tmp, *chroot_path;
        u_int i;
 #ifdef USE_SHADOW
        struct spwd *spw = NULL;
@@ -114,6 +115,7 @@ allowed_user(struct passwd * pw)
 #endif /* USE_SHADOW */
 
        /* grab passwd field for locked account check */
+       passwd = pw->pw_passwd;
 #ifdef USE_SHADOW
        if (spw != NULL)
 #ifdef USE_LIBIAF
@@ -121,8 +123,6 @@ allowed_user(struct passwd * pw)
 #else
                passwd = spw->sp_pwdp;
 #endif /* USE_LIBIAF */
-#else
-       passwd = pw->pw_passwd;
 #endif
 
        /* check for locked account */
@@ -156,20 +156,40 @@ allowed_user(struct passwd * pw)
         * Get the shell from the password data.  An empty shell field is
         * legal, and means /bin/sh.
         */
-       shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+       shell = xstrdup((pw->pw_shell[0] == '\0') ?
+           _PATH_BSHELL : pw->pw_shell);
+
+       /*
+        * Amend shell if chroot is requested.
+        */
+       if (options.chroot_directory != NULL &&
+           strcasecmp(options.chroot_directory, "none") != 0) {
+               tmp = tilde_expand_filename(options.chroot_directory,
+                   pw->pw_uid);
+               chroot_path = percent_expand(tmp, "h", pw->pw_dir,
+                   "u", pw->pw_name, (char *)NULL);
+               xfree(tmp);
+               xasprintf(&tmp, "%s/%s", chroot_path, shell);
+               xfree(shell);
+               shell = tmp;
+               free(chroot_path);
+       }
 
        /* deny if shell does not exists or is not executable */
        if (stat(shell, &st) != 0) {
                logit("User %.100s not allowed because shell %.100s does not exist",
                    pw->pw_name, shell);
+               xfree(shell);
                return 0;
        }
        if (S_ISREG(st.st_mode) == 0 ||
            (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
                logit("User %.100s not allowed because shell %.100s is not executable",
                    pw->pw_name, shell);
+               xfree(shell);
                return 0;
        }
+       xfree(shell);
 
        if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
            options.num_deny_groups > 0 || options.num_allow_groups > 0) {
@@ -455,7 +475,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
                        return -1;
                }
 
-               /* If are passed the homedir then we can stop */
+               /* If are past the homedir then we can stop */
                if (comparehome && strcmp(homedir, buf) == 0) {
                        debug3("secure_filename: terminating check at '%s'",
                            buf);
@@ -483,8 +503,12 @@ auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
         * Open the file containing the authorized keys
         * Fail quietly if file does not exist
         */
-       if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1)
+       if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
+               if (errno != ENOENT)
+                       debug("Could not open keyfile '%s': %s", file,
+                          strerror(errno));
                return NULL;
+       }
 
        if (fstat(fd, &st) < 0) {
                close(fd);