diff options
| author | Colin Watson <cjwatson@debian.org> | 2013-05-07 11:47:26 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2013-05-07 11:47:26 +0100 |
| commit | 2ea3f720daeb1ca9f765365fce3a9546961fe624 (patch) | |
| tree | c4fb7d1f51fa51e7677232de806aae150e29e2ac /session.c | |
| parent | f5efcd3450bbf8261915e0c4a6f851229dddaa79 (diff) | |
| parent | ecebda56da46a03dafff923d91c382f31faa9eec (diff) | |
* New upstream release (http://www.openssh.com/txt/release-6.2).
- Add support for multiple required authentication in SSH protocol 2 via
an AuthenticationMethods option (closes: #195716).
- Fix Sophie Germain formula in moduli(5) (closes: #698612).
- Update ssh-copy-id to Phil Hands' greatly revised version (closes:
#99785, #322228, #620428; LP: #518883, #835901, #1074798).
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 14 |
1 files changed, 11 insertions, 3 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -274,7 +274,10 @@ do_authenticated(Authctxt *authctxt) | |||
| 274 | setproctitle("%s", authctxt->pw->pw_name); | 274 | setproctitle("%s", authctxt->pw->pw_name); |
| 275 | 275 | ||
| 276 | /* setup the channel layer */ | 276 | /* setup the channel layer */ |
| 277 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) | 277 | if (no_port_forwarding_flag || |
| 278 | (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) | ||
| 279 | channel_disable_adm_local_opens(); | ||
| 280 | else | ||
| 278 | channel_permit_all_opens(); | 281 | channel_permit_all_opens(); |
| 279 | 282 | ||
| 280 | auth_debug_send(); | 283 | auth_debug_send(); |
| @@ -384,7 +387,7 @@ do_authenticated1(Authctxt *authctxt) | |||
| 384 | debug("Port forwarding not permitted for this authentication."); | 387 | debug("Port forwarding not permitted for this authentication."); |
| 385 | break; | 388 | break; |
| 386 | } | 389 | } |
| 387 | if (!options.allow_tcp_forwarding) { | 390 | if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) { |
| 388 | debug("Port forwarding not permitted."); | 391 | debug("Port forwarding not permitted."); |
| 389 | break; | 392 | break; |
| 390 | } | 393 | } |
| @@ -1526,6 +1529,11 @@ do_setusercontext(struct passwd *pw, const char *role) | |||
| 1526 | perror("unable to set user context (setuser)"); | 1529 | perror("unable to set user context (setuser)"); |
| 1527 | exit(1); | 1530 | exit(1); |
| 1528 | } | 1531 | } |
| 1532 | /* | ||
| 1533 | * FreeBSD's setusercontext() will not apply the user's | ||
| 1534 | * own umask setting unless running with the user's UID. | ||
| 1535 | */ | ||
| 1536 | (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); | ||
| 1529 | #else | 1537 | #else |
| 1530 | /* Permanently switch to the desired uid. */ | 1538 | /* Permanently switch to the desired uid. */ |
| 1531 | permanently_set_uid(pw); | 1539 | permanently_set_uid(pw); |