summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-04-18 15:29:33 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-04-18 15:29:33 +0000
commit005dd22c97239f8814319daff6a41469158bd495 (patch)
tree8c7e1d5b5455e8b2baaf4780cbd3270d3edd13f2
parent2b261b9035031f5319c4694a0f2c9a5deeb9d906 (diff)
- markus@cvs.openbsd.org 2001/04/17 19:34:25
[session.c] move auth_approval to do_authenticated(). do_child(): nuke hostkeys from memory don't source .ssh/rc for subsystems.
-rw-r--r--ChangeLog9
-rw-r--r--session.c23
2 files changed, 21 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index d0b761fec..b83507e01 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
120010418
2 - OpenBSD CVS Sync
3 - markus@cvs.openbsd.org 2001/04/17 19:34:25
4 [session.c]
5 move auth_approval to do_authenticated().
6 do_child(): nuke hostkeys from memory
7 don't source .ssh/rc for subsystems.
120010417 820010417
2 - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in 9 - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
3 and temporary commented out 'catman-do:' since it is broken. Patches 10 and temporary commented out 'catman-do:' since it is broken. Patches
@@ -5145,4 +5152,4 @@
5145 - Wrote replacements for strlcpy and mkdtemp 5152 - Wrote replacements for strlcpy and mkdtemp
5146 - Released 1.0pre1 5153 - Released 1.0pre1
5147 5154
5148$Id: ChangeLog,v 1.1135 2001/04/17 18:14:34 mouring Exp $ 5155$Id: ChangeLog,v 1.1136 2001/04/18 15:29:33 mouring Exp $
diff --git a/session.c b/session.c
index 4580c3025..3960c9f25 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
33 */ 33 */
34 34
35#include "includes.h" 35#include "includes.h"
36RCSID("$OpenBSD: session.c,v 1.73 2001/04/16 08:19:31 djm Exp $"); 36RCSID("$OpenBSD: session.c,v 1.74 2001/04/17 19:34:25 markus Exp $");
37 37
38#include "ssh.h" 38#include "ssh.h"
39#include "ssh1.h" 39#include "ssh1.h"
@@ -140,8 +140,8 @@ extern char *__progname;
140extern int log_stderr; 140extern int log_stderr;
141extern int debug_flag; 141extern int debug_flag;
142extern u_int utmp_len; 142extern u_int utmp_len;
143
144extern int startup_pipe; 143extern int startup_pipe;
144extern void destroy_sensitive_data(void);
145 145
146/* Local Xauthority file. */ 146/* Local Xauthority file. */
147static char *xauthfile; 147static char *xauthfile;
@@ -179,6 +179,12 @@ do_authenticated(Authctxt *authctxt)
179 error("unable to get login class"); 179 error("unable to get login class");
180 return; 180 return;
181 } 181 }
182#ifdef BSD_AUTH
183 if (auth_approval(NULL, lc, authctxt->pw->pw_name, "ssh") <= 0) {
184 packet_disconnect("Approval failure for %s",
185 authctxt->pw->pw_name);
186 }
187#endif
182#endif 188#endif
183 /* setup the channel layer */ 189 /* setup the channel layer */
184 if (!no_port_forwarding_flag && options.allow_tcp_forwarding) 190 if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
@@ -1050,6 +1056,9 @@ do_child(Session *s, const char *command)
1050#endif /* WITH_IRIX_ARRAY */ 1056#endif /* WITH_IRIX_ARRAY */
1051#endif /* WITH_IRIX_JOBS */ 1057#endif /* WITH_IRIX_JOBS */
1052 1058
1059 /* remove hostkey from the child's memory */
1060 destroy_sensitive_data();
1061
1053 /* login(1) is only called if we execute the login shell */ 1062 /* login(1) is only called if we execute the login shell */
1054 if (options.use_login && command != NULL) 1063 if (options.use_login && command != NULL)
1055 options.use_login = 0; 1064 options.use_login = 0;
@@ -1097,13 +1106,6 @@ do_child(Session *s, const char *command)
1097 perror("unable to set user context"); 1106 perror("unable to set user context");
1098 exit(1); 1107 exit(1);
1099 } 1108 }
1100#ifdef BSD_AUTH
1101 if (auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) {
1102 error("approval failure for %s", pw->pw_name);
1103 fprintf(stderr, "Approval failure");
1104 exit(1);
1105 }
1106#endif
1107# else /* HAVE_LOGIN_CAP */ 1109# else /* HAVE_LOGIN_CAP */
1108#if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) 1110#if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
1109 /* Sets login uid for accounting */ 1111 /* Sets login uid for accounting */
@@ -1389,7 +1391,8 @@ do_child(Session *s, const char *command)
1389 * in this order). 1391 * in this order).
1390 */ 1392 */
1391 if (!options.use_login) { 1393 if (!options.use_login) {
1392 if (stat(_PATH_SSH_USER_RC, &st) >= 0) { 1394 /* ignore _PATH_SSH_USER_RC for subsystems */
1395 if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
1393 if (debug_flag) 1396 if (debug_flag)
1394 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, 1397 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
1395 _PATH_SSH_USER_RC); 1398 _PATH_SSH_USER_RC);