I was encountering a strange message about "faked authloop for illegal
user". It turned out the allowed_user function was disallowing passwd
entries with a blank shell field, which is supposed to be equivalent
to "/bin/sh".
This patch is based on OpenSSH 1.2.3, and I have tested it on
Slackware 7.0.
--- sshd.old Wed Apr 12 23:47:04 2000
+++ sshd.c Thu Apr 13 00:35:54 2000
@@ -1121,6 +1121,7 @@
struct stat st;
struct group *grp;
int i;
+ char *shell;
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
#endif /* WITH_AIXAUTHENTICATE */
@@ -1130,7 +1131,12 @@
return 0;
/* deny if shell does not exists or is not executable */
- if (stat(pw->pw_shell, &st) != 0)
+ /* first make sure that "" == "/bin/sh", as specified in passwd(5) */
+ if (!pw->pw_shell || !strlen(pw->pw_shell))
+ shell = _PATH_BSHELL;
+ else
+ shell = pw->pw_shell;
+ if (stat(shell, &st) != 0)
return 0;
if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
return 0;
--
vsync
http://quadium.net/
Orjner.
user". It turned out the allowed_user function was disallowing passwd
entries with a blank shell field, which is supposed to be equivalent
to "/bin/sh".
This patch is based on OpenSSH 1.2.3, and I have tested it on
Slackware 7.0.
--- sshd.old Wed Apr 12 23:47:04 2000
+++ sshd.c Thu Apr 13 00:35:54 2000
@@ -1121,6 +1121,7 @@
struct stat st;
struct group *grp;
int i;
+ char *shell;
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
#endif /* WITH_AIXAUTHENTICATE */
@@ -1130,7 +1131,12 @@
return 0;
/* deny if shell does not exists or is not executable */
- if (stat(pw->pw_shell, &st) != 0)
+ /* first make sure that "" == "/bin/sh", as specified in passwd(5) */
+ if (!pw->pw_shell || !strlen(pw->pw_shell))
+ shell = _PATH_BSHELL;
+ else
+ shell = pw->pw_shell;
+ if (stat(shell, &st) != 0)
return 0;
if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
return 0;
--
vsync
http://quadium.net/
Orjner.