authorBen Lindstrom <mouring@eviladmin.org>2001-04-18 15:29:33 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-04-18 15:29:33 +0000
commit005dd22c97239f8814319daff6a41469158bd495 (patch)
tree8c7e1d5b5455e8b2baaf4780cbd3270d3edd13f2 /session.c
parent2b261b9035031f5319c4694a0f2c9a5deeb9d906 (diff)
- markus@cvs.openbsd.org 2001/04/17 19:34:25
[session.c] move auth_approval to do_authenticated(). do_child(): nuke hostkeys from memory; don't source .ssh/rc for subsystems.
Diffstat (limited to 'session.c')
-rw-r--r--session.c23
1 files changed, 13 insertions, 10 deletions
diff --git a/session.c b/session.c
index 4580c3025..3960c9f25 100644
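--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.73 2001/04/16 08:19:31 djm Exp $");
+RCSID("$OpenBSD: session.c,v 1.74 2001/04/17 19:34:25 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -140,8 +140,8 @@ extern char *__progname;
 extern int log_stderr;
 extern int debug_flag;
 extern u_int utmp_len;
-
 extern int startup_pipe;
+extern void destroy_sensitive_data(void);
 
 /* Local Xauthority file. */
 static char *xauthfile;
@@ -179,6 +179,12 @@ do_authenticated(Authctxt *authctxt)
  error("unable to get login class");
  return;
  }
+#ifdef BSD_AUTH
+ if (auth_approval(NULL, lc, authctxt->pw->pw_name, "ssh") <= 0) {
+ packet_disconnect("Approval failure for %s",
+ authctxt->pw->pw_name);
+ }
+#endif
 #endif
  /* setup the channel layer */
  if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
@@ -1050,6 +1056,9 @@ do_child(Session *s, const char *command)
 #endif /* WITH_IRIX_ARRAY */
 #endif /* WITH_IRIX_JOBS */
 
+ /* remove hostkey from the child's memory */
+ destroy_sensitive_data();
+
  /* login(1) is only called if we execute the login shell */
  if (options.use_login && command != NULL)
  options.use_login = 0;
@@ -1097,13 +1106,6 @@ do_child(Session *s, const char *command)
  perror("unable to set user context");
  exit(1);
  }
-#ifdef BSD_AUTH
- if (auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) {
- error("approval failure for %s", pw->pw_name);
- fprintf(stderr, "Approval failure");
- exit(1);
- }
-#endif
 # else /* HAVE_LOGIN_CAP */
 #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
  /* Sets login uid for accounting */
@@ -1389,7 +1391,8 @@ do_child(Session *s, const char *command)
  * in this order).
  */
  if (!options.use_login) {
- if (stat(_PATH_SSH_USER_RC, &st) >= 0) {
+ /* ignore _PATH_SSH_USER_RC for subsystems */
+ if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
  if (debug_flag)
  fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
  _PATH_SSH_USER_RC);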
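Review bot: In the last do_child() hunk the `!s->is_subsystem` test is folded into the first condition of what the block comment above it calls an ordered sequence, so a subsystem session now takes whatever path follows when that condition is false. That path lies outside the hunk; if it is an `else` chain that goes on to further rc handling, subsystems would still run those branches. If that is intended, the new comment should say so, for example `/* subsystems skip only the user rc; the remaining branches still apply */`. If it is not, the test belongs on the outer line as `if (!options.use_login && !s->is_subsystem) {`. The `if` body and the rest of do_child() continue past the end of the hunk.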