diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2013-03-22 11:19:48 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2013-03-22 11:19:48 +0000 |
commit | 9b81c128761e4627fc5291f371e0d07903eb4e72 (patch) | |
tree | 7ff06aa6c4c960e7fe13b294a9c2eaddce18a2f1 /session.c | |
parent | 925f1fb7e466dbf645650dc4ea9d2a34e728ef9c (diff) | |
download | src-9b81c128761e4627fc5291f371e0d07903eb4e72.tar.gz src-9b81c128761e4627fc5291f371e0d07903eb4e72.zip |
Vendor import of OpenSSH 6.2p1.vendor/openssh/6.2p1
Notes
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=248613
svn path=/vendor-crypto/openssh/6.2p1/; revision=248614; tag=vendor/openssh/6.2p1
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/session.c b/session.c index 65bf2877618c..19eaa20c3584 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */ +/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -273,7 +273,10 @@ do_authenticated(Authctxt *authctxt) setproctitle("%s", authctxt->pw->pw_name); /* setup the channel layer */ - if (!no_port_forwarding_flag && options.allow_tcp_forwarding) + if (no_port_forwarding_flag || + (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) + channel_disable_adm_local_opens(); + else channel_permit_all_opens(); auth_debug_send(); @@ -383,7 +386,7 @@ do_authenticated1(Authctxt *authctxt) debug("Port forwarding not permitted for this authentication."); break; } - if (!options.allow_tcp_forwarding) { + if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) { debug("Port forwarding not permitted."); break; } @@ -1517,6 +1520,11 @@ do_setusercontext(struct passwd *pw) perror("unable to set user context (setuser)"); exit(1); } + /* + * FreeBSD's setusercontext() will not apply the user's + * own umask setting unless running with the user's UID. + */ + (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); #else /* Permanently switch to the desired uid. */ permanently_set_uid(pw); |