[PATCH] Use login_getpwclass() instead of login_getclass() so that the root vs. default login class distinction is made correctly.
Ed Maste
emaste at FreeBSD.org
Tue Feb 16 06:10:00 AEDT 2021
From: Brian Feldman <green at FreeBSD.org>
>From FreeBSD 885a59f2e067 by Brian Feldman <green at FreeBSD.org>.
Details in FreeBSD PR 37416 https://bugs.freebsd.org/37416 - summary:
> sshd uses the "default" login class for users with uid=0 instead of
> the "root" login class when setting up the user's session.
> ...
> How-To-Repeat:
> I added a :umask=002: entry to the default login class and a :umask=022:
> entry to the root login class in </etc/login.conf>. After this, if root
> logs in via a getty on a virtual console or via telnet, the umask is
> 022 as expected, but if root logs in via ssh the umask is 002. However,
> if root's password entry is changed to mention the root login class
> explicitly, the umask is set to 022 when root logs in via ssh.
Posted for discussion; if accepted I will see about adding autoconf goop,
if necessary (i.e. if some systems have login_getclass but not
login_getpwclass).
---
auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auth.c b/auth.c
index 9a5498b66..c8e1ed074 100644
--- a/auth.c
+++ b/auth.c
@@ -600,7 +600,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
if (!allowed_user(ssh, pw))
return (NULL);
#ifdef HAVE_LOGIN_CAP
- if ((lc = login_getclass(pw->pw_class)) == NULL) {
+ if ((lc = login_getpwclass(pw)) == NULL) {
debug("unable to get login class: %s", user);
return (NULL);
}
--
2.30.0
More information about the openssh-unix-dev
mailing list