diff options
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/session.c b/session.c index c9415114db94..6444c77f31c2 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.338 2024/05/17 00:30:24 djm Exp $ */ +/* $OpenBSD: session.c,v 1.341 2025/04/09 07:00:03 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1433,7 +1433,7 @@ do_pwchange(Session *s) fprintf(stderr, "WARNING: Your password has expired.\n"); if (s->ttyfd != -1) { fprintf(stderr, - "You must change your password now and login again!\n"); + "You must change your password now and log in again!\n"); #ifdef WITH_SELINUX setexeccon(NULL); #endif @@ -1510,8 +1510,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); - /* remove hostkey from the child's memory */ - destroy_sensitive_data(); + /* remove keys from memory */ ssh_packet_clear_keys(ssh); /* Force a password change */ @@ -2145,10 +2144,6 @@ session_signal_req(struct ssh *ssh, Session *s) signame, s->forced ? "forced-command" : "subsystem"); goto out; } - if (mm_is_monitor()) { - error_f("session signalling requires privilege separation"); - goto out; - } debug_f("signal %s, killpg(%ld, %d)", signame, (long)s->pid, sig); temporarily_use_uid(s->pw); @@ -2176,7 +2171,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s) if ((r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (!auth_opts->permit_agent_forwarding_flag || - !options.allow_agent_forwarding) { + !options.allow_agent_forwarding || + options.disable_forwarding) { debug_f("agent forwarding disabled"); return 0; } @@ -2571,7 +2567,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options."); return 0; } - if (!options.x11_forwarding) { + if (!options.x11_forwarding || options.disable_forwarding) { debug("X11 forwarding disabled in server configuration file."); return 0; } |