Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 14 |
1 files changed, 11 insertions, 3 deletions
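--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */
+/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -274,7 +274,10 @@ do_authenticated(Authctxt *authctxt)
 setproctitle("%s", authctxt->pw->pw_name);
 
 /* setup the channel layer */
-if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
+if (no_port_forwarding_flag ||
+(options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
+channel_disable_adm_local_opens();
+else
 channel_permit_all_opens();
 
 auth_debug_send();
@@ -384,7 +387,7 @@ do_authenticated1(Authctxt *authctxt)
 debug("Port forwarding not permitted for this authentication.");
 break;
 }
-if (!options.allow_tcp_forwarding) {
+if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) {
 debug("Port forwarding not permitted.");
 break;
 }
@@ -1526,6 +1529,11 @@ do_setusercontext(struct passwd *pw, const char *role)
 perror("unable to set user context (setuser)");
 exit(1);
 }
+/*
+* FreeBSD's setusercontext() will not apply the user's
+* own umask setting unless running with the user's UID.
+*/
+(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 /* Permanently switch to the desired uid. */
 permanently_set_uid(pw);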