summaryrefslogtreecommitdiff
path: root/security/openssh/patches/patch-ao
diff options
context:
space:
mode:
Diffstat (limited to 'security/openssh/patches/patch-ao')
-rw-r--r--security/openssh/patches/patch-ao37
1 files changed, 29 insertions, 8 deletions
diff --git a/security/openssh/patches/patch-ao b/security/openssh/patches/patch-ao
index 5533c0d999f..103c10ac9eb 100644
--- a/security/openssh/patches/patch-ao
+++ b/security/openssh/patches/patch-ao
@@ -1,8 +1,17 @@
-$NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-ao,v 1.10 2008/04/03 07:59:08 tonnerre Exp $
---- session.c.orig 2006-10-29 17:01:29.000000000 +0900
+--- session.c.orig 2007-08-16 13:28:04.000000000 +0000
+++ session.c
-@@ -956,7 +956,7 @@ read_etc_default_login(char ***env, u_in
+@@ -347,7 +347,7 @@ do_authenticated1(Authctxt *authctxt)
+ break;
+ }
+ debug("Received TCP/IP port forwarding request.");
+- if (channel_input_port_forward_request(s->pw->pw_uid == 0,
++ if (channel_input_port_forward_request(s->pw->pw_uid == ROOTUID,
+ options.gateway_ports) < 0) {
+ debug("Port forwarding failed.");
+ break;
+@@ -954,7 +954,7 @@ read_etc_default_login(char ***env, u_in
if (tmpenv == NULL)
return;
@@ -11,7 +20,7 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
var = child_get_env(tmpenv, "SUPATH");
else
var = child_get_env(tmpenv, "PATH");
-@@ -1065,7 +1065,7 @@ do_setup_env(Session *s, const char *she
+@@ -1063,7 +1063,7 @@ do_setup_env(Session *s, const char *she
# endif /* HAVE_ETC_DEFAULT_LOGIN */
if (path == NULL || *path == '\0') {
child_set_env(&env, &envsize, "PATH",
@@ -20,7 +29,7 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
SUPERUSER_PATH : _PATH_STDPATH);
}
# endif /* HAVE_CYGWIN */
-@@ -1179,6 +1179,18 @@ do_setup_env(Session *s, const char *she
+@@ -1177,6 +1177,18 @@ do_setup_env(Session *s, const char *she
strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
read_environment_file(&env, &envsize, buf);
}
@@ -39,7 +48,19 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
-@@ -1289,9 +1301,9 @@ do_nologin(struct passwd *pw)
+@@ -1201,8 +1213,9 @@ do_rc_files(Session *s, const char *shel
+ do_xauth =
+ s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
+
+- /* ignore _PATH_SSH_USER_RC for subsystems */
+- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
++ /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
++ if (!s->is_subsystem && options.adm_forced_command == NULL &&
++ (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
+ shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
+ if (debug_flag)
+@@ -1287,9 +1300,9 @@ do_nologin(struct passwd *pw)
void
do_setusercontext(struct passwd *pw)
{
@@ -51,7 +72,7 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
{
#ifdef HAVE_SETPCRED
-@@ -1333,11 +1345,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1331,11 +1344,13 @@ do_setusercontext(struct passwd *pw)
perror("setgid");
exit(1);
}
@@ -65,7 +86,7 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
endgrent();
#ifdef GSSAPI
if (options.gss_authentication) {
-@@ -2095,7 +2109,7 @@ session_pty_cleanup2(Session *s)
+@@ -2086,7 +2101,7 @@ session_pty_cleanup2(Session *s)
record_logout(s->pid, s->tty, s->pw->pw_name);
/* Release the pseudo-tty. */
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-27 17:11:56 +0000