* New upstream release (http://www.openssh.com/txt/release-6.1).

  - Enable pre-auth sandboxing by default for new installs.
  - Allow "PermitOpen none" to refuse all port-forwarding requests
    (closes: #543683).

1 files changed, 25 insertions, 22 deletions

diff --git a/ssh.c b/ssh.c
index 7dd41f59a..58c04f88f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.368 2011/10/24 02:10:46 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.370 2012/07/06 01:47:38 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -638,10 +638,6 @@ main(int ac, char **av)
         /* Initialize the command to execute on remote host. */
         buffer_init(&command);
 
-        if (options.request_tty == REQUEST_TTY_YES ||
-            options.request_tty == REQUEST_TTY_FORCE)
-                tty_flag = 1;
-
         /*
          * Save the command to execute on the remote host in a buffer. There
          * is no limit on the length of the command, except by the maximum
@@ -649,7 +645,6 @@ main(int ac, char **av)
          */
         if (!ac) {
                 /* No command specified - execute shell on a tty. */
-                tty_flag = options.request_tty != REQUEST_TTY_NO;
                 if (subsystem_flag) {
                         fprintf(stderr,
                             "You must specify a subsystem to invoke.\n");
@@ -670,22 +665,6 @@ main(int ac, char **av)
                 fatal("Cannot fork into background without a command "
                     "to execute.");
 
-        /* Allocate a tty by default if no command specified. */
-        if (buffer_len(&command) == 0)
-                tty_flag = options.request_tty != REQUEST_TTY_NO;
-
-        /* Force no tty */
-        if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0)
-                tty_flag = 0;
-        /* Do not allocate a tty if stdin is not a tty. */
-        if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
-            options.request_tty != REQUEST_TTY_FORCE) {
-                if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
-                        logit("Pseudo-terminal will not be allocated because "
-                            "stdin is not a terminal.");
-                tty_flag = 0;
-        }
-
         /*
          * Initialize "log" output.  Since we are the client all output
          * actually goes to stderr.
@@ -721,6 +700,26 @@ main(int ac, char **av)
         /* reinit */
         log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
 
+        if (options.request_tty == REQUEST_TTY_YES ||
+            options.request_tty == REQUEST_TTY_FORCE)
+                tty_flag = 1;
+
+        /* Allocate a tty by default if no command specified. */
+        if (buffer_len(&command) == 0)
+                tty_flag = options.request_tty != REQUEST_TTY_NO;
+
+        /* Force no tty */
+        if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0)
+                tty_flag = 0;
+        /* Do not allocate a tty if stdin is not a tty. */
+        if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
+            options.request_tty != REQUEST_TTY_FORCE) {
+                if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
+                        logit("Pseudo-terminal will not be allocated because "
+                            "stdin is not a terminal.");
+                tty_flag = 0;
+        }
+
         seed_rng();
 
         if (options.user == NULL)
@@ -1359,6 +1358,10 @@ ssh_session2_setup(int id, int success, void *arg)
                 packet_send();
         }
 
+        /* Tell the packet module whether this is an interactive session. */
+        packet_set_interactive(interactive,
+            options.ip_qos_interactive, options.ip_qos_bulk);
+
         client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
             NULL, fileno(stdin), &command, environ);
 }