2 files changed, 25 insertions, 36 deletions
diff --git a/ChangeLog b/ChangeLog
index 872f06e9f..db0b19df4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -27,6 +27,10 @@
   - djm@cvs.openbsd.org 2010/02/09 03:56:28
     [buffer.c buffer.h]
     constify the arguments to buffer_len, buffer_ptr and buffer_dump
+   - djm@cvs.openbsd.org 2010/02/09 06:18:46
+     [auth.c]
+     unbreak ChrootDirectory+internal-sftp by skipping check for executable
+     shell when chrooting; reported by danh AT wzrd.com; ok dtucker@
 20100210
 - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for
diff --git a/auth.c b/auth.c
index da87807a8..3005f815e 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.83 2010/01/13 23:47:26 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.84 2010/02/09 06:18:46 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -95,7 +95,6 @@ allowed_user(struct passwd * pw)
 {
        struct stat st;
        const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
-        char *shell, *tmp, *chroot_path;
        u_int i;
 #ifdef USE_SHADOW
        struct spwd *spw = NULL;
@@ -153,43 +152,29 @@ allowed_user(struct passwd * pw)
        }
        /*
-         * Get the shell from the password data.  An empty shell field is
+         * Deny if shell does not exist or is not executable unless we
-         * legal, and means /bin/sh.
+         * are chrooting.
         */
-        shell = xstrdup((pw->pw_shell[0] == '\0') ?
+        if (options.chroot_directory == NULL ||
-            _PATH_BSHELL : pw->pw_shell);
+            strcasecmp(options.chroot_directory, "none") == 0) {
+                char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
-        /*
+                    _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
-         * Amend shell if chroot is requested.
-         */
+                if (stat(shell, &st) != 0) {
-        if (options.chroot_directory != NULL &&
+                        logit("User %.100s not allowed because shell %.100s "
-            strcasecmp(options.chroot_directory, "none") != 0) {
+                            "does not exist", pw->pw_name, shell);
-                tmp = tilde_expand_filename(options.chroot_directory,
+                        xfree(shell);
-                    pw->pw_uid);
+                        return 0;
-                chroot_path = percent_expand(tmp, "h", pw->pw_dir,
+                }
-                    "u", pw->pw_name, (char *)NULL);
+                if (S_ISREG(st.st_mode) == 0 ||
-                xfree(tmp);
+                    (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
-                xasprintf(&tmp, "%s/%s", chroot_path, shell);
+                        logit("User %.100s not allowed because shell %.100s "
-                xfree(shell);
+                            "is not executable", pw->pw_name, shell);
-                shell = tmp;
+                        xfree(shell);
-                free(chroot_path);
+                        return 0;
-        }
+                }
-        /* deny if shell does not exists or is not executable */
-        if (stat(shell, &st) != 0) {
-                logit("User %.100s not allowed because shell %.100s does not exist",
-                    pw->pw_name, shell);
-                xfree(shell);
-                return 0;
-        }
-        if (S_ISREG(st.st_mode) == 0 ||
-            (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
-                logit("User %.100s not allowed because shell %.100s is not executable",
-                    pw->pw_name, shell);
                xfree(shell);
-                return 0;
        }
-        xfree(shell);
        if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
            options.num_deny_groups > 0 || options.num_allow_groups > 0) {

diff --git a/ChangeLog b/ChangeLog index 872f06e9f..db0b19df4 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -27,6 +27,10 @@
27	- djm@cvs.openbsd.org 2010/02/09 03:56:28	27	- djm@cvs.openbsd.org 2010/02/09 03:56:28
28	[buffer.c buffer.h]	28	[buffer.c buffer.h]
29	constify the arguments to buffer_len, buffer_ptr and buffer_dump	29	constify the arguments to buffer_len, buffer_ptr and buffer_dump
		30	- djm@cvs.openbsd.org 2010/02/09 06:18:46
		31	[auth.c]
		32	unbreak ChrootDirectory+internal-sftp by skipping check for executable
		33	shell when chrooting; reported by danh AT wzrd.com; ok dtucker@
30		34
31	20100210	35	20100210
32	- (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for	36	- (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for


diff --git a/auth.c b/auth.c index da87807a8..3005f815e 100644 --- a/auth.c +++ b/auth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth.c,v 1.83 2010/01/13 23:47:26 djm Exp $ */	1	/* $OpenBSD: auth.c,v 1.84 2010/02/09 06:18:46 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -95,7 +95,6 @@ allowed_user(struct passwd * pw)
95	{	95	{
96	struct stat st;	96	struct stat st;
97	const char hostname = NULL, ipaddr = NULL, *passwd = NULL;	97	const char hostname = NULL, ipaddr = NULL, *passwd = NULL;
98	char shell, tmp, *chroot_path;
99	u_int i;	98	u_int i;
100	#ifdef USE_SHADOW	99	#ifdef USE_SHADOW
101	struct spwd *spw = NULL;	100	struct spwd *spw = NULL;
@@ -153,43 +152,29 @@ allowed_user(struct passwd * pw)
153	}	152	}
154		153
155	/*	154	/*
156	* Get the shell from the password data. An empty shell field is	155	* Deny if shell does not exist or is not executable unless we
157	* legal, and means /bin/sh.	156	* are chrooting.
158	*/	157	*/
159	shell = xstrdup((pw->pw_shell[0] == '\0') ?	158	if (options.chroot_directory == NULL \|\|
160	_PATH_BSHELL : pw->pw_shell);	159	strcasecmp(options.chroot_directory, "none") == 0) {
161		160	char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
162	/*	161	_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
163	* Amend shell if chroot is requested.	162
164	*/	163	if (stat(shell, &st) != 0) {
165	if (options.chroot_directory != NULL &&	164	logit("User %.100s not allowed because shell %.100s "
166	strcasecmp(options.chroot_directory, "none") != 0) {	165	"does not exist", pw->pw_name, shell);
167	tmp = tilde_expand_filename(options.chroot_directory,	166	xfree(shell);
168	pw->pw_uid);	167	return 0;
169	chroot_path = percent_expand(tmp, "h", pw->pw_dir,	168	}
170	"u", pw->pw_name, (char *)NULL);	169	if (S_ISREG(st.st_mode) == 0 \|\|
171	xfree(tmp);	170	(st.st_mode & (S_IXOTH\|S_IXUSR\|S_IXGRP)) == 0) {
172	xasprintf(&tmp, "%s/%s", chroot_path, shell);	171	logit("User %.100s not allowed because shell %.100s "
173	xfree(shell);	172	"is not executable", pw->pw_name, shell);
174	shell = tmp;	173	xfree(shell);
175	free(chroot_path);	174	return 0;
176	}	175	}
177
178	/* deny if shell does not exists or is not executable */
179	if (stat(shell, &st) != 0) {
180	logit("User %.100s not allowed because shell %.100s does not exist",
181	pw->pw_name, shell);
182	xfree(shell);
183	return 0;
184	}
185	if (S_ISREG(st.st_mode) == 0 \|\|
186	(st.st_mode & (S_IXOTH\|S_IXUSR\|S_IXGRP)) == 0) {
187	logit("User %.100s not allowed because shell %.100s is not executable",
188	pw->pw_name, shell);
189	xfree(shell);	176	xfree(shell);
190	return 0;
191	}	177	}
192	xfree(shell);
193		178
194	if (options.num_deny_users > 0 \|\| options.num_allow_users > 0 \|\|	179	if (options.num_deny_users > 0 \|\| options.num_allow_users > 0 \|\|
195	options.num_deny_groups > 0 \|\| options.num_allow_groups > 0) {	180	options.num_deny_groups > 0 \|\| options.num_allow_groups > 0) {