Diffstat (limited to 'security/openssh/patches/patch-ao')
-rw-r--r-- | security/openssh/patches/patch-ao | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/security/openssh/patches/patch-ao b/security/openssh/patches/patch-ao
index 5533c0d999f..103c10ac9eb 100644
--- a/security/openssh/patches/patch-ao
+++ b/security/openssh/patches/patch-ao
@@ -1,8 +1,17 @@
-$NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-ao,v 1.10 2008/04/03 07:59:08 tonnerre Exp $
---- session.c.orig 2006-10-29 17:01:29.000000000 +0900
+--- session.c.orig 2007-08-16 13:28:04.000000000 +0000
 +++ session.c
-@@ -956,7 +956,7 @@ read_etc_default_login(char ***env, u_in
+@@ -347,7 +347,7 @@ do_authenticated1(Authctxt *authctxt)
+ break;
+ }
+ debug("Received TCP/IP port forwarding request.");
+- if (channel_input_port_forward_request(s->pw->pw_uid == 0,
++ if (channel_input_port_forward_request(s->pw->pw_uid == ROOTUID,
+ options.gateway_ports) < 0) {
+ debug("Port forwarding failed.");
+ break;
+@@ -954,7 +954,7 @@ read_etc_default_login(char ***env, u_in
 if (tmpenv == NULL)
 return;
@@ -11,7 +20,7 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
 var = child_get_env(tmpenv, "SUPATH");
 else
 var = child_get_env(tmpenv, "PATH");
-@@ -1065,7 +1065,7 @@ do_setup_env(Session *s, const char *she
+@@ -1063,7 +1063,7 @@ do_setup_env(Session *s, const char *she
 # endif /* HAVE_ETC_DEFAULT_LOGIN */
 if (path == NULL || *path == '\0') {
 child_set_env(&env, &envsize, "PATH",
@@ -20,7 +29,7 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
 SUPERUSER_PATH : _PATH_STDPATH);
 }
 # endif /* HAVE_CYGWIN */
-@@ -1179,6 +1179,18 @@ do_setup_env(Session *s, const char *she
+@@ -1177,6 +1177,18 @@ do_setup_env(Session *s, const char *she
 strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
 read_environment_file(&env, &envsize, buf);
 }
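Review bot: `ROOTUID` in the new `s->pw->pw_uid == ROOTUID` argument of do_authenticated1() is not defined anywhere in this patch, so the outcome of this privileged-port check depends on a definition that has to come from another patched header; a short comment in the patch naming that header would make the dependency auditable. The function name suggests it serves only one protocol path, so the corresponding port-forwarding check elsewhere (not visible here) should compare against the same macro, otherwise the two paths could disagree about which uid may request privileged forwards. The body of do_authenticated1() starts and ends outside the hunk.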
@@ -39,7 +48,19 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
 if (debug_flag) {
 /* dump the environment */
 fprintf(stderr, "Environment:\n");
-@@ -1289,9 +1301,9 @@ do_nologin(struct passwd *pw)
+@@ -1201,8 +1213,9 @@ do_rc_files(Session *s, const char *shel
+ do_xauth =
+ s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
+
+- /* ignore _PATH_SSH_USER_RC for subsystems */
+- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
++ /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
++ if (!s->is_subsystem && options.adm_forced_command == NULL &&
++ (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
+ shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
+ if (debug_flag)
+@@ -1287,9 +1300,9 @@ do_nologin(struct passwd *pw)
 void
 do_setusercontext(struct passwd *pw)
 {
@@ -51,7 +72,7 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
 {
 #ifdef HAVE_SETPCRED
-@@ -1333,11 +1345,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1331,11 +1344,13 @@ do_setusercontext(struct passwd *pw)
 perror("setgid");
 exit(1);
 }
@@ -65,7 +86,7 @@ $NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $
 endgrent();
 #ifdef GSSAPI
 if (options.gss_authentication) {
-@@ -2095,7 +2109,7 @@ session_pty_cleanup2(Session *s)
+@@ -2086,7 +2101,7 @@ session_pty_cleanup2(Session *s)
 record_logout(s->pid, s->tty, s->pw->pw_name);
 /* Release the pseudo-tty. */ |
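Review bot: The added `options.adm_forced_command == NULL` test in do_rc_files() guards only the per-user rc branch, and the comment does not say why the file must be skipped; something like `/* user rc runs user-controlled commands before the forced command, so skip it when the admin forces one */` would keep the check from being dropped later as redundant. The rest of the function is outside the hunk, so it cannot be confirmed from here which branch runs instead when the condition is false. Forced commands attached to an individual key rather than set by the administrator are not covered by this condition; that is presumably intended, but worth confirming. Because this view is limited to patch-ao, also check that the package's patch checksums and revision were updated in the same commit.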