Do not ban PTY allocation when a sshd session is restricted because

the user password is expired as it breaks password change dialog. regression in openssh-7.7 reported by Daniel Wagner
author: djm <djm@openbsd.org> 2018-05-25 07:11:01 +0000
committer: djm <djm@openbsd.org> 2018-05-25 07:11:01 +0000
commit: ddf3e44b3dcc7daee84c181ad5f805cde42b9956 (patch)
tree: 868db0870b349222753d4e95ef986e280508f87c /usr.bin/ssh/auth.c
parent: Prepare in_ioctl() for further refactoring with the goal of merging the (diff)
download: wireguard-openbsd-ddf3e44b3dcc7daee84c181ad5f805cde42b9956.tar.xz
wireguard-openbsd-ddf3e44b3dcc7daee84c181ad5f805cde42b9956.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index 9a8d1660a31..999677bc746 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.128 2018/05/25 07:11:01 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -946,6 +946,7 @@ auth_restrict_session(struct ssh *ssh)
 
 	/* A blank sshauthopt defaults to permitting nothing */
 	restricted = sshauthopt_new();
+	restricted->permit_pty_flag = 1;
 	restricted->restricted = 1;
 
 	if (auth_activate_options(ssh, restricted) != 0)
author	djm <djm@openbsd.org>	2018-05-25 07:11:01 +0000
committer	djm <djm@openbsd.org>	2018-05-25 07:11:01 +0000
commit	ddf3e44b3dcc7daee84c181ad5f805cde42b9956 (patch)
tree	868db0870b349222753d4e95ef986e280508f87c /usr.bin/ssh/auth.c
parent	Prepare in_ioctl() for further refactoring with the goal of merging the (diff)
download	wireguard-openbsd-ddf3e44b3dcc7daee84c181ad5f805cde42b9956.tar.xz wireguard-openbsd-ddf3e44b3dcc7daee84c181ad5f805cde42b9956.zip