upstream commit

remove UseLogin option and support for having /bin/login manage login sessions; ok deraadt markus dtucker Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712
author: djm@openbsd.org <djm@openbsd.org> 2016-08-19 03:18:06 +0000
committer: Damien Miller <djm@mindrot.org> 2016-08-23 14:29:07 +1000
commit: 83b581862a1dbb06fc859959f829dde2654aef3c (patch)
tree: fc8569112cdf47a9f27fc778ab9bf9d4fecdcfbb /session.c
parent: ffe6549c2f7a999cc5264b873a60322e91862581 (diff)
1 files changed, 61 insertions, 110 deletions
diff --git a/session.c b/session.c
index 9bad653fc..fcfa80000 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.283 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: session.c,v 1.284 2016/08/19 03:18:06 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -544,7 +544,7 @@ do_exec_pty(Session *s, const char *command)
                /* record login, etc. similar to login(1) */
 #ifndef HAVE_OSF_SIA
-                if (!(options.use_login && command == NULL)) {
+                if (command != NULL) {
 #ifdef _UNICOS
                        cray_init_job(s->pw); /* set up cray jid and tmpdir */
 #endif /* _UNICOS */
@@ -1019,69 +1019,63 @@ do_setup_env(Session *s, const char *shell)
        ssh_gssapi_do_child(&env, &envsize);
 #endif
-        if (!options.use_login) {
+        /* Set basic environment. */
-                /* Set basic environment. */
+        for (i = 0; i < s->num_env; i++)
-                for (i = 0; i < s->num_env; i++)
+                child_set_env(&env, &envsize, s->env[i].name, s->env[i].val);
-                        child_set_env(&env, &envsize, s->env[i].name,
-                            s->env[i].val);
-                child_set_env(&env, &envsize, "USER", pw->pw_name);
+        child_set_env(&env, &envsize, "USER", pw->pw_name);
-                child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
+        child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
 #ifdef _AIX
-                child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
+        child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
 #endif
-                child_set_env(&env, &envsize, "HOME", pw->pw_dir);
+        child_set_env(&env, &envsize, "HOME", pw->pw_dir);
 #ifdef HAVE_LOGIN_CAP
-                if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
+        if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
-                        child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+                child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
-                else
+        else
-                        child_set_env(&env, &envsize, "PATH", getenv("PATH"));
+                child_set_env(&env, &envsize, "PATH", getenv("PATH"));
 #else /* HAVE_LOGIN_CAP */
 # ifndef HAVE_CYGWIN
-                /*
+        /*
-                 * There's no standard path on Windows. The path contains
+         * There's no standard path on Windows. The path contains
-                 * important components pointing to the system directories,
+         * important components pointing to the system directories,
-                 * needed for loading shared libraries. So the path better
+         * needed for loading shared libraries. So the path better
-                 * remains intact here.
+         * remains intact here.
-                 */
+         */
 #  ifdef HAVE_ETC_DEFAULT_LOGIN
-                read_etc_default_login(&env, &envsize, pw->pw_uid);
+        read_etc_default_login(&env, &envsize, pw->pw_uid);
-                path = child_get_env(env, "PATH");
+        path = child_get_env(env, "PATH");
 #  endif /* HAVE_ETC_DEFAULT_LOGIN */
-                if (path == NULL || *path == '\0') {
+        if (path == NULL || *path == '\0') {
-                        child_set_env(&env, &envsize, "PATH",
+                child_set_env(&env, &envsize, "PATH",
-                            s->pw->pw_uid == 0 ?
+                    s->pw->pw_uid == 0 ?  SUPERUSER_PATH : _PATH_STDPATH);
-                                SUPERUSER_PATH : _PATH_STDPATH);
+        }
-                }
 # endif /* HAVE_CYGWIN */
 #endif /* HAVE_LOGIN_CAP */
-                snprintf(buf, sizeof buf, "%.200s/%.50s",
+        snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name);
-                         _PATH_MAILDIR, pw->pw_name);
+        child_set_env(&env, &envsize, "MAIL", buf);
-                child_set_env(&env, &envsize, "MAIL", buf);
+        /* Normal systems set SHELL by default. */
+        child_set_env(&env, &envsize, "SHELL", shell);
-                /* Normal systems set SHELL by default. */
-                child_set_env(&env, &envsize, "SHELL", shell);
-        }
        if (getenv("TZ"))
                child_set_env(&env, &envsize, "TZ", getenv("TZ"));
        /* Set custom environment options from RSA authentication. */
-        if (!options.use_login) {
+        while (custom_environment) {
-                while (custom_environment) {
+                struct envstring *ce = custom_environment;
-                        struct envstring *ce = custom_environment;
+                char *str = ce->s;
-                        char *str = ce->s;
+                for (i = 0; str[i] != '=' && str[i]; i++)
-                        for (i = 0; str[i] != '=' && str[i]; i++)
+                        ;
-                                ;
+                if (str[i] == '=') {
-                        if (str[i] == '=') {
+                        str[i] = 0;
-                                str[i] = 0;
+                        child_set_env(&env, &envsize, str, str + i + 1);
-                                child_set_env(&env, &envsize, str, str + i + 1);
-                        }
-                        custom_environment = ce->next;
-                        free(ce->s);
-                        free(ce);
                }
+                custom_environment = ce->next;
+                free(ce->s);
+                free(ce);
        }
        /* SSH_CLIENT deprecated */
@@ -1143,7 +1137,7 @@ do_setup_env(Session *s, const char *shell)
         * Pull in any environment variables that may have
         * been set by PAM.
         */
-        if (options.use_pam && !options.use_login) {
+        if (options.use_pam) {
                char **p;
                p = fetch_pam_child_environment();
@@ -1161,7 +1155,7 @@ do_setup_env(Session *s, const char *shell)
                    auth_sock_name);
        /* read $HOME/.ssh/environment. */
-        if (options.permit_user_env && !options.use_login) {
+        if (options.permit_user_env) {
                snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
                    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
                read_environment_file(&env, &envsize, buf);
@@ -1443,27 +1437,6 @@ do_pwchange(Session *s)
 }
 static void
-launch_login(struct passwd *pw, const char *hostname)
-{
-        /* Launch login(1). */
-        execl(LOGIN_PROGRAM, "login", "-h", hostname,
-#ifdef xxxLOGIN_NEEDS_TERM
-                    (s->term ? s->term : "unknown"),
-#endif /* LOGIN_NEEDS_TERM */
-#ifdef LOGIN_NO_ENDOPT
-            "-p", "-f", pw->pw_name, (char *)NULL);
-#else
-            "-p", "-f", "--", pw->pw_name, (char *)NULL);
-#endif
-        /* Login couldn't be executed, die. */
-        perror("login");
-        exit(1);
-}
-static void
 child_close_fds(void)
 {
        extern int auth_sock;
@@ -1510,11 +1483,10 @@ child_close_fds(void)
 void
 do_child(Session *s, const char *command)
 {
-        struct ssh *ssh = active_state; /* XXX */
        extern char **environ;
        char **env;
        char *argv[ARGV_MAX];
-        const char *shell, *shell0, *hostname = NULL;
+        const char *shell, *shell0;
        struct passwd *pw = s->pw;
        int r = 0;
@@ -1529,10 +1501,6 @@ do_child(Session *s, const char *command)
                exit(1);
        }
-        /* login(1) is only called if we execute the login shell */
-        if (options.use_login && command != NULL)
-                options.use_login = 0;
 #ifdef _UNICOS
        cray_setup(pw->pw_uid, pw->pw_name, command);
 #endif /* _UNICOS */
@@ -1541,28 +1509,26 @@ do_child(Session *s, const char *command)
         * Login(1) does this as well, and it needs uid 0 for the "-h"
         * switch, so we let login(1) to this for us.
         */
-        if (!options.use_login) {
 #ifdef HAVE_OSF_SIA
-                session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
+        session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
-                if (!check_quietlogin(s, command))
+        if (!check_quietlogin(s, command))
-                        do_motd();
+                do_motd();
 #else /* HAVE_OSF_SIA */
-                /* When PAM is enabled we rely on it to do the nologin check */
+        /* When PAM is enabled we rely on it to do the nologin check */
-                if (!options.use_pam)
+        if (!options.use_pam)
-                        do_nologin(pw);
+                do_nologin(pw);
-                do_setusercontext(pw);
+        do_setusercontext(pw);
-                /*
+        /*
-                 * PAM session modules in do_setusercontext may have
+         * PAM session modules in do_setusercontext may have
-                 * generated messages, so if this in an interactive
+         * generated messages, so if this in an interactive
-                 * login then display them too.
+         * login then display them too.
-                 */
+         */
-                if (!check_quietlogin(s, command))
+        if (!check_quietlogin(s, command))
-                        display_loginmsg();
+                display_loginmsg();
 #endif /* HAVE_OSF_SIA */
-        }
 #ifdef USE_PAM
-        if (options.use_pam && !options.use_login && !is_pam_session_open()) {
+        if (options.use_pam && !is_pam_session_open()) {
                debug3("PAM session not opened, exiting");
                display_loginmsg();
                exit(254);
@@ -1585,10 +1551,6 @@ do_child(Session *s, const char *command)
        shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
 #endif
-        /* we have to stash the hostname before we close our socket. */
-        if (options.use_login)
-                hostname = session_get_remote_name_or_ip(ssh, utmp_len,
-                    options.use_dns);
        /*
         * Close the connection descriptors; note that this is the child, and
         * the server will still have the socket open, and it is important
@@ -1647,8 +1609,7 @@ do_child(Session *s, const char *command)
        closefrom(STDERR_FILENO + 1);
-        if (!options.use_login)
+        do_rc_files(s, shell);
-                do_rc_files(s, shell);
        /* restore SIGPIPE for child */
        signal(SIGPIPE, SIG_DFL);
@@ -1678,11 +1639,6 @@ do_child(Session *s, const char *command)
        fflush(NULL);
-        if (options.use_login) {
-                launch_login(pw, hostname);
-                /* NEVERREACHED */
-        }
        /* Get the last component of the shell name. */
        if ((shell0 = strrchr(shell, '/')) != NULL)
                shell0++;
@@ -2502,11 +2458,6 @@ session_setup_x11fwd(Session *s)
                packet_send_debug("No xauth program; cannot forward with spoofing.");
                return 0;
        }
-        if (options.use_login) {
-                packet_send_debug("X11 forwarding disabled; "
-                    "not compatible with UseLogin=yes.");
-                return 0;
-        }
        if (s->display != NULL) {
                debug("X11 display already set.");
                return 0;
author	djm@openbsd.org <djm@openbsd.org>	2016-08-19 03:18:06 +0000
committer	Damien Miller <djm@mindrot.org>	2016-08-23 14:29:07 +1000
commit	83b581862a1dbb06fc859959f829dde2654aef3c (patch)
tree	fc8569112cdf47a9f27fc778ab9bf9d4fecdcfbb /session.c
parent	ffe6549c2f7a999cc5264b873a60322e91862581 (diff)

diff --git a/session.c b/session.c index 9bad653fc..fcfa80000 100644 --- a/session.c +++ b/session.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: session.c,v 1.283 2016/08/13 17:47:41 markus Exp $ */	1	/* $OpenBSD: session.c,v 1.284 2016/08/19 03:18:06 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4	* All rights reserved	4	* All rights reserved
@@ -544,7 +544,7 @@ do_exec_pty(Session s, const char command)
544		544
545	/* record login, etc. similar to login(1) */	545	/* record login, etc. similar to login(1) */
546	#ifndef HAVE_OSF_SIA	546	#ifndef HAVE_OSF_SIA
547	if (!(options.use_login && command == NULL)) {	547	if (command != NULL) {
548	#ifdef _UNICOS	548	#ifdef _UNICOS
549	cray_init_job(s->pw); /* set up cray jid and tmpdir */	549	cray_init_job(s->pw); /* set up cray jid and tmpdir */
550	#endif /* _UNICOS */	550	#endif /* _UNICOS */
@@ -1019,69 +1019,63 @@ do_setup_env(Session s, const char shell)
1019	ssh_gssapi_do_child(&env, &envsize);	1019	ssh_gssapi_do_child(&env, &envsize);
1020	#endif	1020	#endif
1021		1021
1022	if (!options.use_login) {	1022	/* Set basic environment. */
1023	/* Set basic environment. */	1023	for (i = 0; i < s->num_env; i++)
1024	for (i = 0; i < s->num_env; i++)	1024	child_set_env(&env, &envsize, s->env[i].name, s->env[i].val);
1025	child_set_env(&env, &envsize, s->env[i].name,
1026	s->env[i].val);
1027		1025
1028	child_set_env(&env, &envsize, "USER", pw->pw_name);	1026	child_set_env(&env, &envsize, "USER", pw->pw_name);
1029	child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);	1027	child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
1030	#ifdef _AIX	1028	#ifdef _AIX
1031	child_set_env(&env, &envsize, "LOGIN", pw->pw_name);	1029	child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
1032	#endif	1030	#endif
1033	child_set_env(&env, &envsize, "HOME", pw->pw_dir);	1031	child_set_env(&env, &envsize, "HOME", pw->pw_dir);
1034	#ifdef HAVE_LOGIN_CAP	1032	#ifdef HAVE_LOGIN_CAP
1035	if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)	1033	if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
1036	child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);	1034	child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
1037	else	1035	else
1038	child_set_env(&env, &envsize, "PATH", getenv("PATH"));	1036	child_set_env(&env, &envsize, "PATH", getenv("PATH"));
1039	#else /* HAVE_LOGIN_CAP */	1037	#else /* HAVE_LOGIN_CAP */
1040	# ifndef HAVE_CYGWIN	1038	# ifndef HAVE_CYGWIN
1041	/*	1039	/*
1042	* There's no standard path on Windows. The path contains	1040	* There's no standard path on Windows. The path contains
1043	* important components pointing to the system directories,	1041	* important components pointing to the system directories,
1044	* needed for loading shared libraries. So the path better	1042	* needed for loading shared libraries. So the path better
1045	* remains intact here.	1043	* remains intact here.
1046	*/	1044	*/
1047	# ifdef HAVE_ETC_DEFAULT_LOGIN	1045	# ifdef HAVE_ETC_DEFAULT_LOGIN
1048	read_etc_default_login(&env, &envsize, pw->pw_uid);	1046	read_etc_default_login(&env, &envsize, pw->pw_uid);
1049	path = child_get_env(env, "PATH");	1047	path = child_get_env(env, "PATH");
1050	# endif /* HAVE_ETC_DEFAULT_LOGIN */	1048	# endif /* HAVE_ETC_DEFAULT_LOGIN */
1051	if (path == NULL \|\| *path == '\0') {	1049	if (path == NULL \|\| *path == '\0') {
1052	child_set_env(&env, &envsize, "PATH",	1050	child_set_env(&env, &envsize, "PATH",
1053	s->pw->pw_uid == 0 ?	1051	s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
1054	SUPERUSER_PATH : _PATH_STDPATH);	1052	}
1055	}
1056	# endif /* HAVE_CYGWIN */	1053	# endif /* HAVE_CYGWIN */
1057	#endif /* HAVE_LOGIN_CAP */	1054	#endif /* HAVE_LOGIN_CAP */
1058		1055
1059	snprintf(buf, sizeof buf, "%.200s/%.50s",	1056	snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name);
1060	_PATH_MAILDIR, pw->pw_name);	1057	child_set_env(&env, &envsize, "MAIL", buf);
1061	child_set_env(&env, &envsize, "MAIL", buf);	1058
		1059	/* Normal systems set SHELL by default. */
		1060	child_set_env(&env, &envsize, "SHELL", shell);
1062		1061
1063	/* Normal systems set SHELL by default. */
1064	child_set_env(&env, &envsize, "SHELL", shell);
1065	}
1066	if (getenv("TZ"))	1062	if (getenv("TZ"))
1067	child_set_env(&env, &envsize, "TZ", getenv("TZ"));	1063	child_set_env(&env, &envsize, "TZ", getenv("TZ"));
1068		1064
1069	/* Set custom environment options from RSA authentication. */	1065	/* Set custom environment options from RSA authentication. */
1070	if (!options.use_login) {	1066	while (custom_environment) {
1071	while (custom_environment) {	1067	struct envstring *ce = custom_environment;
1072	struct envstring *ce = custom_environment;	1068	char *str = ce->s;
1073	char *str = ce->s;	1069
1074		1070	for (i = 0; str[i] != '=' && str[i]; i++)
1075	for (i = 0; str[i] != '=' && str[i]; i++)	1071	;
1076	;	1072	if (str[i] == '=') {
1077	if (str[i] == '=') {	1073	str[i] = 0;
1078	str[i] = 0;	1074	child_set_env(&env, &envsize, str, str + i + 1);
1079	child_set_env(&env, &envsize, str, str + i + 1);
1080	}
1081	custom_environment = ce->next;
1082	free(ce->s);
1083	free(ce);
1084	}	1075	}
		1076	custom_environment = ce->next;
		1077	free(ce->s);
		1078	free(ce);
1085	}	1079	}
1086		1080
1087	/* SSH_CLIENT deprecated */	1081	/* SSH_CLIENT deprecated */
@@ -1143,7 +1137,7 @@ do_setup_env(Session s, const char shell)
1143	* Pull in any environment variables that may have	1137	* Pull in any environment variables that may have
1144	* been set by PAM.	1138	* been set by PAM.
1145	*/	1139	*/
1146	if (options.use_pam && !options.use_login) {	1140	if (options.use_pam) {
1147	char **p;	1141	char **p;
1148		1142
1149	p = fetch_pam_child_environment();	1143	p = fetch_pam_child_environment();
@@ -1161,7 +1155,7 @@ do_setup_env(Session s, const char shell)
1161	auth_sock_name);	1155	auth_sock_name);
1162		1156
1163	/* read $HOME/.ssh/environment. */	1157	/* read $HOME/.ssh/environment. */
1164	if (options.permit_user_env && !options.use_login) {	1158	if (options.permit_user_env) {
1165	snprintf(buf, sizeof buf, "%.200s/.ssh/environment",	1159	snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
1166	strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");	1160	strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
1167	read_environment_file(&env, &envsize, buf);	1161	read_environment_file(&env, &envsize, buf);
@@ -1443,27 +1437,6 @@ do_pwchange(Session *s)
1443	}	1437	}
1444		1438
1445	static void	1439	static void
1446	launch_login(struct passwd pw, const char hostname)
1447	{
1448	/* Launch login(1). */
1449
1450	execl(LOGIN_PROGRAM, "login", "-h", hostname,
1451	#ifdef xxxLOGIN_NEEDS_TERM
1452	(s->term ? s->term : "unknown"),
1453	#endif /* LOGIN_NEEDS_TERM */
1454	#ifdef LOGIN_NO_ENDOPT
1455	"-p", "-f", pw->pw_name, (char *)NULL);
1456	#else
1457	"-p", "-f", "--", pw->pw_name, (char *)NULL);
1458	#endif
1459
1460	/* Login couldn't be executed, die. */
1461
1462	perror("login");
1463	exit(1);
1464	}
1465
1466	static void
1467	child_close_fds(void)	1440	child_close_fds(void)
1468	{	1441	{
1469	extern int auth_sock;	1442	extern int auth_sock;
@@ -1510,11 +1483,10 @@ child_close_fds(void)
1510	void	1483	void
1511	do_child(Session s, const char command)	1484	do_child(Session s, const char command)
1512	{	1485	{
1513	struct ssh ssh = active_state; / XXX */
1514	extern char **environ;	1486	extern char **environ;
1515	char **env;	1487	char **env;
1516	char *argv[ARGV_MAX];	1488	char *argv[ARGV_MAX];
1517	const char shell, shell0, *hostname = NULL;	1489	const char shell, shell0;
1518	struct passwd *pw = s->pw;	1490	struct passwd *pw = s->pw;
1519	int r = 0;	1491	int r = 0;
1520		1492
@@ -1529,10 +1501,6 @@ do_child(Session s, const char command)
1529	exit(1);	1501	exit(1);
1530	}	1502	}
1531		1503
1532	/* login(1) is only called if we execute the login shell */
1533	if (options.use_login && command != NULL)
1534	options.use_login = 0;
1535
1536	#ifdef _UNICOS	1504	#ifdef _UNICOS
1537	cray_setup(pw->pw_uid, pw->pw_name, command);	1505	cray_setup(pw->pw_uid, pw->pw_name, command);
1538	#endif /* _UNICOS */	1506	#endif /* _UNICOS */
@@ -1541,28 +1509,26 @@ do_child(Session s, const char command)
1541	* Login(1) does this as well, and it needs uid 0 for the "-h"	1509	* Login(1) does this as well, and it needs uid 0 for the "-h"
1542	* switch, so we let login(1) to this for us.	1510	* switch, so we let login(1) to this for us.
1543	*/	1511	*/
1544	if (!options.use_login) {
1545	#ifdef HAVE_OSF_SIA	1512	#ifdef HAVE_OSF_SIA
1546	session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);	1513	session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
1547	if (!check_quietlogin(s, command))	1514	if (!check_quietlogin(s, command))
1548	do_motd();	1515	do_motd();
1549	#else /* HAVE_OSF_SIA */	1516	#else /* HAVE_OSF_SIA */
1550	/* When PAM is enabled we rely on it to do the nologin check */	1517	/* When PAM is enabled we rely on it to do the nologin check */
1551	if (!options.use_pam)	1518	if (!options.use_pam)
1552	do_nologin(pw);	1519	do_nologin(pw);
1553	do_setusercontext(pw);	1520	do_setusercontext(pw);
1554	/*	1521	/*
1555	* PAM session modules in do_setusercontext may have	1522	* PAM session modules in do_setusercontext may have
1556	* generated messages, so if this in an interactive	1523	* generated messages, so if this in an interactive
1557	* login then display them too.	1524	* login then display them too.
1558	*/	1525	*/
1559	if (!check_quietlogin(s, command))	1526	if (!check_quietlogin(s, command))
1560	display_loginmsg();	1527	display_loginmsg();
1561	#endif /* HAVE_OSF_SIA */	1528	#endif /* HAVE_OSF_SIA */
1562	}
1563		1529
1564	#ifdef USE_PAM	1530	#ifdef USE_PAM
1565	if (options.use_pam && !options.use_login && !is_pam_session_open()) {	1531	if (options.use_pam && !is_pam_session_open()) {
1566	debug3("PAM session not opened, exiting");	1532	debug3("PAM session not opened, exiting");
1567	display_loginmsg();	1533	display_loginmsg();
1568	exit(254);	1534	exit(254);
@@ -1585,10 +1551,6 @@ do_child(Session s, const char command)
1585	shell = login_getcapstr(lc, "shell", (char )shell, (char )shell);	1551	shell = login_getcapstr(lc, "shell", (char )shell, (char )shell);
1586	#endif	1552	#endif
1587		1553
1588	/* we have to stash the hostname before we close our socket. */
1589	if (options.use_login)
1590	hostname = session_get_remote_name_or_ip(ssh, utmp_len,
1591	options.use_dns);
1592	/*	1554	/*
1593	* Close the connection descriptors; note that this is the child, and	1555	* Close the connection descriptors; note that this is the child, and
1594	* the server will still have the socket open, and it is important	1556	* the server will still have the socket open, and it is important
@@ -1647,8 +1609,7 @@ do_child(Session s, const char command)
1647		1609
1648	closefrom(STDERR_FILENO + 1);	1610	closefrom(STDERR_FILENO + 1);
1649		1611
1650	if (!options.use_login)	1612	do_rc_files(s, shell);
1651	do_rc_files(s, shell);
1652		1613
1653	/* restore SIGPIPE for child */	1614	/* restore SIGPIPE for child */
1654	signal(SIGPIPE, SIG_DFL);	1615	signal(SIGPIPE, SIG_DFL);
@@ -1678,11 +1639,6 @@ do_child(Session s, const char command)
1678		1639
1679	fflush(NULL);	1640	fflush(NULL);
1680		1641
1681	if (options.use_login) {
1682	launch_login(pw, hostname);
1683	/* NEVERREACHED */
1684	}
1685
1686	/* Get the last component of the shell name. */	1642	/* Get the last component of the shell name. */
1687	if ((shell0 = strrchr(shell, '/')) != NULL)	1643	if ((shell0 = strrchr(shell, '/')) != NULL)
1688	shell0++;	1644	shell0++;
@@ -2502,11 +2458,6 @@ session_setup_x11fwd(Session *s)
2502	packet_send_debug("No xauth program; cannot forward with spoofing.");	2458	packet_send_debug("No xauth program; cannot forward with spoofing.");
2503	return 0;	2459	return 0;
2504	}	2460	}
2505	if (options.use_login) {
2506	packet_send_debug("X11 forwarding disabled; "
2507	"not compatible with UseLogin=yes.");
2508	return 0;
2509	}
2510	if (s->display != NULL) {	2461	if (s->display != NULL) {
2511	debug("X11 display already set.");	2462	debug("X11 display already set.");
2512	return 0;	2463	return 0;