From 172baa8c32483bc6be115ef4dc7f74026dfc5f38 Mon Sep 17 00:00:00 2001
From: Jose
Date: Thu, 5 Dec 2019 16:52:57 -0400
Subject: [PATCH] Validate user/shell to prevent stuck login
---
 usr/local/share/bastille/console.sh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh
index 536e46c..f0b11b3 100644
--- a/usr/local/share/bastille/console.sh
+++ b/usr/local/share/bastille/console.sh
@@ -57,10 +57,27 @@ if [ "${TARGET}" != 'ALL' ]; then
 JAILS=$(jls name | grep -w "${TARGET}")
 fi
 
+validate_user() {
+ if jexec -l ${_jail} id "${USER}" >/dev/null 2>&1; then
+ USER_SHELL="$(jexec -l ${_jail} getent passwd "${USER}" | cut -d: -f7)"
+ if [ -n "${USER_SHELL}" ]; then
+ if jexec -l ${_jail} grep -qwF "${USER_SHELL}" /etc/shells; then
+ jexec -l ${_jail} /usr/bin/login -f "${USER}"
+ else
+ echo "Invalid shell for user ${USER}"
+ fi
+ else
+ echo "User ${USER} has no shell"
+ fi
+ else
+ echo "Unknown user ${USER}"
+ fi
+}
+
 for _jail in ${JAILS}; do
 echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
 if [ ! -z "${USER}" ]; then
- jexec -l ${_jail} /usr/bin/login -f "${USER}"
+ validate_user
 else
 jexec -l ${_jail} /usr/bin/login -f root
 fi
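Review bot: The `/etc/shells` check in `validate_user` uses `grep -qwF`, which is a word match rather than a whole-line match, so a passwd shell field that is only a fragment of a listed path (for example `/bin`, which appears as a word inside `/bin/sh`) or that appears only on a commented-out line still passes and reaches `login -f`. Matching the whole line closes that gap: `if jexec -l ${_jail} grep -qxF -- "${USER_SHELL}" /etc/shells; then`. The three refusal branches also print to stdout and leave the function returning 0, so a caller or wrapper script cannot tell a refused login from a successful one. Sending those messages to stderr and adding `return 1` in each branch would make the refusal visible.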