diff options
author | des <des@FreeBSD.org> | 2013-03-22 17:55:38 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2013-03-22 17:55:38 +0000 |
commit | b291eafe8d40c45b908e0f6481f471ca44a0a2f8 (patch) | |
tree | dd7d7e2bece2a6008e83b0bf90e7410032c4be13 /crypto/openssh/session.c | |
parent | 19db167f418891cf677735a56370ffbcbdb37d67 (diff) | |
parent | 5a4dbb83324b0cc6594abbb5fcaa8fe0415febc5 (diff) | |
download | FreeBSD-src-b291eafe8d40c45b908e0f6481f471ca44a0a2f8.zip FreeBSD-src-b291eafe8d40c45b908e0f6481f471ca44a0a2f8.tar.gz |
Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
Diffstat (limited to 'crypto/openssh/session.c')
-rw-r--r-- | crypto/openssh/session.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 82913ff..315538e 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */ +/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -278,7 +278,10 @@ do_authenticated(Authctxt *authctxt) setproctitle("%s", authctxt->pw->pw_name); /* setup the channel layer */ - if (!no_port_forwarding_flag && options.allow_tcp_forwarding) + if (no_port_forwarding_flag || + (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) + channel_disable_adm_local_opens(); + else channel_permit_all_opens(); auth_debug_send(); @@ -388,7 +391,7 @@ do_authenticated1(Authctxt *authctxt) debug("Port forwarding not permitted for this authentication."); break; } - if (!options.allow_tcp_forwarding) { + if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) { debug("Port forwarding not permitted."); break; } @@ -1533,12 +1536,11 @@ do_setusercontext(struct passwd *pw) perror("unable to set user context (setuser)"); exit(1); } - - /* + /* * FreeBSD's setusercontext() will not apply the user's * own umask setting unless running with the user's UID. */ - setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); + (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); #else /* Permanently switch to the desired uid. */ permanently_set_uid(pw); |