- markus@cvs.openbsd.org 2001/04/17 19:34:25
[session.c]
move auth_approval to do_authenticated().
do_child(): nuke hostkeys from memory
don't source .ssh/rc for subsystems.
This commit is contained in:
Ben Lindstrom
parent
2b261b9035
commit
005dd22c97
|
|
@ -1,3 +1,10 @@
|
|||
20010418
|
||||
- OpenBSD CVS Sync
|
||||
- markus@cvs.openbsd.org 2001/04/17 19:34:25
|
||||
[session.c]
|
||||
move auth_approval to do_authenticated().
|
||||
do_child(): nuke hostkeys from memory
|
||||
don't source .ssh/rc for subsystems.
|
||||
20010417
|
||||
- (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
|
||||
and temporary commented out 'catman-do:' since it is broken. Patches
|
||||
|
|
@ -5145,4 +5152,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1135 2001/04/17 18:14:34 mouring Exp $
|
||||
$Id: ChangeLog,v 1.1136 2001/04/18 15:29:33 mouring Exp $
|
||||
|
|
|
|||
23
session.c
23
session.c
|
|
@ -33,7 +33,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: session.c,v 1.73 2001/04/16 08:19:31 djm Exp $");
|
||||
RCSID("$OpenBSD: session.c,v 1.74 2001/04/17 19:34:25 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
|
|
@ -140,8 +140,8 @@ extern char *__progname;
|
|||
extern int log_stderr;
|
||||
extern int debug_flag;
|
||||
extern u_int utmp_len;
|
||||
|
||||
extern int startup_pipe;
|
||||
extern void destroy_sensitive_data(void);
|
||||
|
||||
/* Local Xauthority file. */
|
||||
static char *xauthfile;
|
||||
|
|
@ -179,6 +179,12 @@ do_authenticated(Authctxt *authctxt)
|
|||
error("unable to get login class");
|
||||
return;
|
||||
}
|
||||
#ifdef BSD_AUTH
|
||||
if (auth_approval(NULL, lc, authctxt->pw->pw_name, "ssh") <= 0) {
|
||||
packet_disconnect("Approval failure for %s",
|
||||
authctxt->pw->pw_name);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
/* setup the channel layer */
|
||||
if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
|
||||
|
|
@ -1050,6 +1056,9 @@ do_child(Session *s, const char *command)
|
|||
#endif /* WITH_IRIX_ARRAY */
|
||||
#endif /* WITH_IRIX_JOBS */
|
||||
|
||||
/* remove hostkey from the child's memory */
|
||||
destroy_sensitive_data();
|
||||
|
||||
/* login(1) is only called if we execute the login shell */
|
||||
if (options.use_login && command != NULL)
|
||||
options.use_login = 0;
|
||||
|
|
@ -1097,13 +1106,6 @@ do_child(Session *s, const char *command)
|
|||
perror("unable to set user context");
|
||||
exit(1);
|
||||
}
|
||||
#ifdef BSD_AUTH
|
||||
if (auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) {
|
||||
error("approval failure for %s", pw->pw_name);
|
||||
fprintf(stderr, "Approval failure");
|
||||
exit(1);
|
||||
}
|
||||
#endif
|
||||
# else /* HAVE_LOGIN_CAP */
|
||||
#if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
|
||||
/* Sets login uid for accounting */
|
||||
|
|
@ -1389,7 +1391,8 @@ do_child(Session *s, const char *command)
|
|||
* in this order).
|
||||
*/
|
||||
if (!options.use_login) {
|
||||
if (stat(_PATH_SSH_USER_RC, &st) >= 0) {
|
||||
/* ignore _PATH_SSH_USER_RC for subsystems */
|
||||
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
|
||||
if (debug_flag)
|
||||
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
|
||||
_PATH_SSH_USER_RC);
|
||||
|
|
|
|||
Loading…
Reference in New Issue