# # Currently, proftpd requires all users to have a non-empty shell # field in pwentry. However, it looks like the consensus is to # interpret a missing (undefined) shell in pwentry as /bin/sh. # The patch has been submitted to upstream: # https://github.com/proftpd/proftpd/pull/733 # --- a/configure.in +++ b/configure.in @@ -1746,7 +1746,7 @@ if test x"$ac_add_mod_cap" = xyes; then fi AC_CHECK_HEADERS(bstring.h crypt.h ctype.h execinfo.h iconv.h inttypes.h langinfo.h limits.h locale.h sasl/sasl.h) -AC_CHECK_HEADERS(string.h strings.h stropts.h) +AC_CHECK_HEADERS(paths.h string.h strings.h stropts.h) AC_CHECK_HEADERS(sys/file.h sys/mman.h sys/types.h sys/ucred.h sys/uio.h sys/socket.h) AC_MSG_CHECKING(for net/if.h) AC_TRY_COMPILE([ --- a/include/options.h +++ b/include/options.h @@ -254,4 +254,17 @@ # define PR_TUNABLE_FS_STATCACHE_MAX_AGE 3 #endif +/* default shell to use when shell member at pwentry is empty. */ +#ifdef HAVE_PATHS_H +# include + +# ifdef _PATH_BSHELL +# define PR_DEFAULT_SHELL _PATH_BSHELL +# else +# define PR_DEFAULT_SHELL "" +# endif +#else +# define PR_DEFAULT_SHELL "" +#endif + #endif /* PR_OPTIONS_H */ --- a/src/auth.c +++ b/src/auth.c @@ -1821,9 +1821,13 @@ int pr_auth_is_valid_shell(xaset_t *ctx, const char *shell) { int res = TRUE; unsigned char *require_valid_shell; - if (shell == NULL) { - return res; - } + /* + * if password entry for user account does not provide a shell, + * then we should assume a default one, which is defined + * at compile time. + */ + if ((shell == NULL) || (shell[0] == '\0')) + shell = PR_DEFAULT_SHELL; require_valid_shell = get_param_ptr(ctx, "RequireValidShell", FALSE);