[PATCH] Use login_getpwclass() instead of login_getclass() so that the root vs. default login class distinction is made correctly.

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



From: Brian Feldman <green@xxxxxxxxxxx>

>From FreeBSD 885a59f2e067 by Brian Feldman <green@xxxxxxxxxxx>.

Details in FreeBSD PR 37416 https://bugs.freebsd.org/37416 - summary:

> sshd uses the "default" login class for users with uid=0 instead of
> the "root" login class when setting up the user's session.
> ...
> How-To-Repeat: 
> I added a :umask=002: entry to the default login class and a :umask=022:
> entry to the root login class in </etc/login.conf>. After this, if root
> logs in via a getty on a virtual console or via telnet, the umask is
> 022 as expected, but if root logs in via ssh the umask is 002. However,
> if root's password entry is changed to mention the root login class
> explicitly, the umask is set to 022 when root logs in via ssh.

Posted for discussion; if accepted I will see about adding autoconf goop,
if necessary (i.e. if some systems have login_getclass but not
login_getpwclass).
---
 auth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth.c b/auth.c
index 9a5498b66..c8e1ed074 100644
--- a/auth.c
+++ b/auth.c
@@ -600,7 +600,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
 	if (!allowed_user(ssh, pw))
 		return (NULL);
 #ifdef HAVE_LOGIN_CAP
-	if ((lc = login_getclass(pw->pw_class)) == NULL) {
+	if ((lc = login_getpwclass(pw)) == NULL) {
 		debug("unable to get login class: %s", user);
 		return (NULL);
 	}
-- 
2.30.0

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux