tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2001/04/17 19:34:25 

[session.c]
     move auth_approval to do_authenticated().
     do_child(): nuke hostkeys from memory
     don't source .ssh/rc for subsystems.
This commit is contained in:
Ben Lindstrom 2001-04-18 15:29:33 +00:00
parent 2b261b9035
commit 005dd22c97
2 changed files with 21 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@ -1,3 +1,10 @@
20010418
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/04/17 19:34:25
[session.c]
move auth_approval to do_authenticated().
do_child(): nuke hostkeys from memory
don't source .ssh/rc for subsystems.
20010417 20010417
- (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
and temporary commented out 'catman-do:' since it is broken. Patches and temporary commented out 'catman-do:' since it is broken. Patches
@ -5145,4 +5152,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1135 2001/04/17 18:14:34 mouring Exp $ $Id: ChangeLog,v 1.1136 2001/04/18 15:29:33 mouring Exp $

23
session.c
View File

@ -33,7 +33,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: session.c,v 1.73 2001/04/16 08:19:31 djm Exp $"); RCSID("$OpenBSD: session.c,v 1.74 2001/04/17 19:34:25 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "ssh1.h" #include "ssh1.h"
@ -140,8 +140,8 @@ extern char *__progname;
extern int log_stderr; extern int log_stderr;
extern int debug_flag; extern int debug_flag;
extern u_int utmp_len; extern u_int utmp_len;
extern int startup_pipe; extern int startup_pipe;
extern void destroy_sensitive_data(void);
/* Local Xauthority file. */ /* Local Xauthority file. */
static char *xauthfile; static char *xauthfile;
@ -179,6 +179,12 @@ do_authenticated(Authctxt *authctxt)
error("unable to get login class"); error("unable to get login class");
return; return;
} }
#ifdef BSD_AUTH
if (auth_approval(NULL, lc, authctxt->pw->pw_name, "ssh") <= 0) {
packet_disconnect("Approval failure for %s",
authctxt->pw->pw_name);
}
#endif
#endif #endif
/* setup the channel layer */ /* setup the channel layer */
if (!no_port_forwarding_flag && options.allow_tcp_forwarding) if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
@ -1050,6 +1056,9 @@ do_child(Session *s, const char *command)
#endif /* WITH_IRIX_ARRAY */ #endif /* WITH_IRIX_ARRAY */
#endif /* WITH_IRIX_JOBS */ #endif /* WITH_IRIX_JOBS */
/* remove hostkey from the child's memory */
destroy_sensitive_data();
/* login(1) is only called if we execute the login shell */ /* login(1) is only called if we execute the login shell */
if (options.use_login && command != NULL) if (options.use_login && command != NULL)
options.use_login = 0; options.use_login = 0;
@ -1097,13 +1106,6 @@ do_child(Session *s, const char *command)
perror("unable to set user context"); perror("unable to set user context");
exit(1); exit(1);
} }
#ifdef BSD_AUTH
if (auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) {
error("approval failure for %s", pw->pw_name);
fprintf(stderr, "Approval failure");
exit(1);
}
#endif
# else /* HAVE_LOGIN_CAP */ # else /* HAVE_LOGIN_CAP */
#if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
/* Sets login uid for accounting */ /* Sets login uid for accounting */
@ -1389,7 +1391,8 @@ do_child(Session *s, const char *command)
* in this order). * in this order).
*/ */
if (!options.use_login) { if (!options.use_login) {
if (stat(_PATH_SSH_USER_RC, &st) >= 0) { /* ignore _PATH_SSH_USER_RC for subsystems */
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
if (debug_flag) if (debug_flag)
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
_PATH_SSH_USER_RC); _PATH_SSH_USER_RC);