diff options
Diffstat (limited to 'crypto/openssh/session.c')
| -rw-r--r-- | crypto/openssh/session.c | 80 |
1 files changed, 9 insertions, 71 deletions
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index bc4d7a9..242a861 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.256 2010/06/25 07:20:04 djm Exp $ */ +/* $OpenBSD: session.c,v 1.258 2010/11/25 04:10:09 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -586,7 +586,8 @@ do_exec_no_pty(Session *s, const char *command) s->pid = pid; /* Set interactive/non-interactive mode. */ - packet_set_interactive(s->display != NULL); + packet_set_interactive(s->display != NULL, + options.ip_qos_interactive, options.ip_qos_bulk); /* * Clear loginmsg, since it's the child's responsibility to display @@ -740,7 +741,8 @@ do_exec_pty(Session *s, const char *command) /* Enter interactive session. */ s->ptymaster = ptymaster; - packet_set_interactive(1); + packet_set_interactive(1, + options.ip_qos_interactive, options.ip_qos_bulk); if (compat20) { session_set_fds(s, ptyfd, fdout, -1, 1, 1); } else { @@ -1481,36 +1483,16 @@ do_setusercontext(struct passwd *pw) { char *chroot_path, *tmp; -#ifdef WITH_SELINUX - /* Cache selinux status for later use */ - (void)ssh_selinux_enabled(); -#endif + platform_setusercontext(pw); -#ifndef HAVE_CYGWIN - if (getuid() == 0 || geteuid() == 0) -#endif /* HAVE_CYGWIN */ - { + if (platform_privileged_uidswap()) { #ifdef HAVE_LOGIN_CAP -# ifdef __bsdi__ - setpgid(0, 0); -# endif -# ifdef USE_PAM - if (options.use_pam) { - do_pam_setcred(use_privsep); - } -# endif /* USE_PAM */ if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { perror("unable to set user context"); exit(1); } #else -# if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) - /* Sets login uid for accounting */ - if (getluid() == -1 && setluid(pw->pw_uid) == -1) - error("setluid: %s", strerror(errno)); -# endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ - if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); if (setgid(pw->pw_gid) < 0) { @@ -1523,50 +1505,9 @@ do_setusercontext(struct passwd *pw) exit(1); } endgrent(); -# ifdef USE_PAM - /* - * PAM credentials may take the form of supplementary groups. - * These will have been wiped by the above initgroups() call. - * Reestablish them here. - */ - if (options.use_pam) { - do_pam_setcred(use_privsep); - } -# endif /* USE_PAM */ -# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) - irix_setusercontext(pw); -# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ -# ifdef _AIX - aix_usrinfo(pw); -# endif /* _AIX */ -# ifdef USE_LIBIAF - if (set_id(pw->pw_name) != 0) { - exit(1); - } -# endif /* USE_LIBIAF */ #endif -#ifdef HAVE_SETPCRED - /* - * If we have a chroot directory, we set all creds except real - * uid which we will need for chroot. If we don't have a - * chroot directory, we don't override anything. - */ - { - char **creds = NULL, *chroot_creds[] = - { "REAL_USER=root", NULL }; - - if (options.chroot_directory != NULL && - strcasecmp(options.chroot_directory, "none") != 0) - creds = chroot_creds; - - if (setpcred(pw->pw_name, creds) == -1) - fatal("Failed to set process credentials"); - } -#endif /* HAVE_SETPCRED */ -#ifdef WITH_SELINUX - ssh_selinux_setup_exec_context(pw->pw_name); -#endif + platform_setusercontext_post_groups(pw); if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { @@ -1640,8 +1581,6 @@ launch_login(struct passwd *pw, const char *hostname) static void child_close_fds(void) { - int i; - if (packet_get_connection_in() == packet_get_connection_out()) close(packet_get_connection_in()); else { @@ -1667,8 +1606,7 @@ child_close_fds(void) * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ - for (i = 3; i < 64; i++) - close(i); + closefrom(STDERR_FILENO + 1); } /* |
