diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-18 15:29:33 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-18 15:29:33 +0000 |
commit | 005dd22c97239f8814319daff6a41469158bd495 (patch) | |
tree | 8c7e1d5b5455e8b2baaf4780cbd3270d3edd13f2 | |
parent | 2b261b9035031f5319c4694a0f2c9a5deeb9d906 (diff) |
- markus@cvs.openbsd.org 2001/04/17 19:34:25
[session.c]
move auth_approval to do_authenticated().
do_child(): nuke hostkeys from memory
don't source .ssh/rc for subsystems.
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | session.c | 23 |
2 files changed, 21 insertions, 11 deletions
@@ -1,3 +1,10 @@ +20010418 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/17 19:34:25 + [session.c] + move auth_approval to do_authenticated(). + do_child(): nuke hostkeys from memory + don't source .ssh/rc for subsystems. 20010417 - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in and temporary commented out 'catman-do:' since it is broken. Patches @@ -5145,4 +5152,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1135 2001/04/17 18:14:34 mouring Exp $ +$Id: ChangeLog,v 1.1136 2001/04/18 15:29:33 mouring Exp $ @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.73 2001/04/16 08:19:31 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.74 2001/04/17 19:34:25 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -140,8 +140,8 @@ extern char *__progname; extern int log_stderr; extern int debug_flag; extern u_int utmp_len; - extern int startup_pipe; +extern void destroy_sensitive_data(void); /* Local Xauthority file. */ static char *xauthfile; @@ -179,6 +179,12 @@ do_authenticated(Authctxt *authctxt) error("unable to get login class"); return; } +#ifdef BSD_AUTH + if (auth_approval(NULL, lc, authctxt->pw->pw_name, "ssh") <= 0) { + packet_disconnect("Approval failure for %s", + authctxt->pw->pw_name); + } +#endif #endif /* setup the channel layer */ if (!no_port_forwarding_flag && options.allow_tcp_forwarding) @@ -1050,6 +1056,9 @@ do_child(Session *s, const char *command) #endif /* WITH_IRIX_ARRAY */ #endif /* WITH_IRIX_JOBS */ + /* remove hostkey from the child's memory */ + destroy_sensitive_data(); + /* login(1) is only called if we execute the login shell */ if (options.use_login && command != NULL) options.use_login = 0; @@ -1097,13 +1106,6 @@ do_child(Session *s, const char *command) perror("unable to set user context"); exit(1); } -#ifdef BSD_AUTH - if (auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) { - error("approval failure for %s", pw->pw_name); - fprintf(stderr, "Approval failure"); - exit(1); - } -#endif # else /* HAVE_LOGIN_CAP */ #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) /* Sets login uid for accounting */ @@ -1389,7 +1391,8 @@ do_child(Session *s, const char *command) * in this order). */ if (!options.use_login) { - if (stat(_PATH_SSH_USER_RC, &st) >= 0) { + /* ignore _PATH_SSH_USER_RC for subsystems */ + if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { if (debug_flag) fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_USER_RC); |