From fbb4b5fd4f8e0bb89732670a01954e18b69e15ba Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 25 May 2018 07:11:01 +0000
Subject: upstream: Do not ban PTY allocation when a sshd session is restricted

because the user password is expired as it breaks password change dialog.

regression in openssh-7.7 reported by Daniel Wagner

OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73
---
 auth.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'auth.c')

diff --git a/auth.c b/auth.c
index 63366768..0b7a335f 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.128 2018/05/25 07:11:01 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -1080,6 +1080,7 @@ auth_restrict_session(struct ssh *ssh)
 
 	/* A blank sshauthopt defaults to permitting nothing */
 	restricted = sshauthopt_new();
+	restricted->permit_pty_flag = 1;
 	restricted->restricted = 1;
 
 	if (auth_activate_options(ssh, restricted) != 0)
-- 
cgit v1.2.3