#
# Currently, proftpd requires all users to have a non-empty shell
# field in pwentry. However, it looks like the consensus is to
# interpret a missing (undefined) shell in pwentry as /bin/sh.
# The patch has been submitted to upstream:
#	https://github.com/proftpd/proftpd/pull/733
#
--- a/configure.in
+++ b/configure.in
@@ -1582,7 +1582,7 @@ if test x"$ac_add_mod_cap" = xyes; then
 fi
 
 AC_CHECK_HEADERS(bstring.h crypt.h ctype.h execinfo.h iconv.h inttypes.h langinfo.h limits.h locale.h)
-AC_CHECK_HEADERS(string.h strings.h stropts.h)
+AC_CHECK_HEADERS(paths.h string.h strings.h stropts.h)
 AC_CHECK_HEADERS(sys/file.h sys/mman.h sys/types.h sys/ucred.h sys/uio.h sys/socket.h)
 AC_MSG_CHECKING(for net/if.h)
 AC_TRY_COMPILE([
--- a/include/options.h
+++ b/include/options.h
@@ -254,4 +254,17 @@
 # define PR_TUNABLE_FS_STATCACHE_MAX_AGE	30
 #endif
 
+/* default shell to use when shell member at pwentry is empty. */
+#ifdef	HAVE_PATHS_H
+# include <paths.h>
+
+# ifdef	_PATH_BSHELL
+#  define	PR_DEFAULT_SHELL	_PATH_BSHELL
+# else
+#  define	PR_DEFAULT_SHELL	""
+# endif
+#else
+# define	PR_DEFAULT_SHELL	""
+#endif
+
 #endif /* PR_OPTIONS_H */
--- a/src/auth.c
+++ b/src/auth.c
@@ -1860,9 +1860,13 @@ int pr_auth_is_valid_shell(xaset_t *ctx, const char *shell) {
   int res = TRUE;
   unsigned char *require_valid_shell;
 
-  if (shell == NULL) {
-    return res;
-  }
+  /*
+   * if password entry for user account does not provide a shell,
+   * then we should assume a default one, which is defined
+   * at compile time.
+   */
+  if ((shell == NULL) || (shell[0] == '\0'))
+    shell = PR_DEFAULT_SHELL;
 
   require_valid_shell = get_param_ptr(ctx, "RequireValidShell", FALSE);