 @@ -1,31 +1,31 @@
-$NetBSD: distinfo,v 1.67 2008/04/03 07:59:08 tonnerre Exp $
+$NetBSD: distinfo,v 1.68 2008/04/08 06:36:47 taca Exp $
 SHA1 (openssh-4.7.1-20070919/openssh-4.7p1-hpn12v18.diff.gz) = 8ab61d12b5bcf70d0ffe9cb1d157136d20ebb22c
 RMD160 (openssh-4.7.1-20070919/openssh-4.7p1-hpn12v18.diff.gz) = 7b35eb1a3f6f3b703ac7f155f620bff63a900a0e
 Size (openssh-4.7.1-20070919/openssh-4.7p1-hpn12v18.diff.gz) = 16094 bytes
 SHA1 (openssh-4.7.1-20070919/openssh-4.7p1.tar.gz) = 58357db9e64ba6382bef3d73d1d386fcdc0508f4
 RMD160 (openssh-4.7.1-20070919/openssh-4.7p1.tar.gz) = b828e79d3d1a931cb77651ec7d7276cf3ba22d90
 Size (openssh-4.7.1-20070919/openssh-4.7p1.tar.gz) = 991119 bytes
 SHA1 (patch-aa) = 8b7a16e9a63cfff3b73d70b9cebb6627b96396e0
 SHA1 (patch-ab) = a105c238c8dc774ed6992791b131da56824869e9
 SHA1 (patch-ac) = dfb054ef02fbb5d206f6adaf82944f16da20eaf9
 SHA1 (patch-ad) = 7921e029b56c0e4769a7ada03dff3eb2e275db7d
 SHA1 (patch-ae) = 9585221f9e49b4ebea31c374066d70e11aa804a1
 SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6
 SHA1 (patch-ag) = b6f92a5394a3442fcc0c2a2ee204c10df5a4aea5
 SHA1 (patch-ah) = bc0d7c2903ecf264e62b53f3864812af5f2f04ce
 SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403
 SHA1 (patch-aj) = 4f477f40d1d891dcda9083cec5521e80410ebd54
 SHA1 (patch-ak) = 3720afb4e95356d5310762cda881820d524dcffc
 SHA1 (patch-al) = d312a068047a375e52180026554bab745efdcdb7
 SHA1 (patch-am) = 4e2278b20e87e530e1819efde976d4414e160e38
 SHA1 (patch-an) = 2f955b8891bedd79986490d282eb09acd4910250
-SHA1 (patch-ao) = 1061066758f7fe2fca630b15a55cbdc1ab041758
+SHA1 (patch-ao) = f2188b57baff4c88a793eee37dad69ffc523f7e5
 SHA1 (patch-ap) = 2c0c092637661328046b71292a7412d09e92bb2a
 SHA1 (patch-aq) = a619b57361b04d5ab3d41375c18f7b99d71c8b34
 SHA1 (patch-ar) = fce4dc1011a124f02b8e14980cda1d633b36aa7d
 SHA1 (patch-as) = 19660f5983931ea3b053e6f4289cf6fae2ce50f3
 SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
 SHA1 (patch-av) = 00f54c3fae7318b278b16bd0b01881a90bd31365
 SHA1 (patch-aw) = 2a88b7563c6f52163c6c5f716e437ecaea613a30
 SHA1 (patch-ax) = 1ddf59636b6f3b544850f787ca63287fd93cae88

 @@ -1,97 +1,92 @@
-$NetBSD: patch-ao,v 1.10 2008/04/03 07:59:08 tonnerre Exp $
+$NetBSD: patch-ao,v 1.11 2008/04/08 06:36:47 taca Exp $
 One more replacing 0 with ROOTUID is handled by using SUBST framework
 because patch can't handle it when hpn-patch option is enabled.
 So, don't simply update this file with mkpatch command.
 --- session.c.orig	2007-08-16 13:28:04.000000000 +0000
 +++ session.c
@@ -347,7 +347,7 @@ do_authenticated1(Authctxt *authctxt)
  				break;
  			debug("Received TCP/IP port forwarding request.");
 -			if (channel_input_port_forward_request(s->pw->pw_uid == 0,
 +			if (channel_input_port_forward_request(s->pw->pw_uid == ROOTUID,
  			    options.gateway_ports) < 0) {
  				debug("Port forwarding failed.");
  				break;
 @@ -954,7 +954,7 @@ read_etc_default_login(char ***env, u_in
  	if (tmpenv == NULL)
  		return;
 -	if (uid == 0)
 +	if (uid == ROOTUID)
  		var = child_get_env(tmpenv, "SUPATH");
  	else
  		var = child_get_env(tmpenv, "PATH");
 @@ -1063,7 +1063,7 @@ do_setup_env(Session *s, const char *she
  #  endif /* HAVE_ETC_DEFAULT_LOGIN */
  		if (path == NULL || *path == '\0') {
  			child_set_env(&env, &envsize, "PATH",
 -			    s->pw->pw_uid == 0 ?
 +			    s->pw->pw_uid == ROOTUID ?
  				SUPERUSER_PATH : _PATH_STDPATH);
+ 		}
  # endif /* HAVE_CYGWIN */
 @@ -1177,6 +1177,18 @@ do_setup_env(Session *s, const char *she
  		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
  		read_environment_file(&env, &envsize, buf);
+ 	}
++
 +#ifdef HAVE_INTERIX
 +	{
 +		/* copy standard Windows environment, then apply changes */
 +		env_t *winenv = env_login(pw);
 +		env_putarray(winenv, env, ENV_OVERRIDE);
++
 +		/* swap over to altered environment as a traditional array */
 +		env = env_array(winenv);
 +	}
 +#endif
++
  	if (debug_flag) {
  		/* dump the environment */
  		fprintf(stderr, "Environment:\n");
 @@ -1201,8 +1213,9 @@ do_rc_files(Session *s, const char *shel
  	do_xauth =
  	    s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
 -	/* ignore _PATH_SSH_USER_RC for subsystems */
 -	if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
 +	/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
 +	if (!s->is_subsystem && options.adm_forced_command == NULL &&
 +	    (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
  		snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
  		    shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
  		if (debug_flag)
 @@ -1287,9 +1300,9 @@ do_nologin(struct passwd *pw)
  void
  do_setusercontext(struct passwd *pw)
+ {
 -#ifndef HAVE_CYGWIN
 +#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
  	if (getuid() == 0 || geteuid() == 0)
 -#endif /* HAVE_CYGWIN */
 +#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */
+ 	{
  #ifdef HAVE_SETPCRED
 @@ -1331,11 +1344,13 @@ do_setusercontext(struct passwd *pw)
  			perror("setgid");
  			exit(1);
+ 		}
 +# if !defined(HAVE_INTERIX)
  		/* Initialize the group list. */
  		if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
  			perror("initgroups");
  			exit(1);
+ 		}
 +# endif /* !HAVE_INTERIX */
  		endgrent();
  #ifdef GSSAPI
  		if (options.gss_authentication) {
 @@ -2086,7 +2101,7 @@ session_pty_cleanup2(Session *s)
  		record_logout(s->pid, s->tty, s->pw->pw_name);
  	/* Release the pseudo-tty. */
 -	if (getuid() == 0)
 +	if (getuid() == ROOTUID)
  		pty_release(s->tty);
  	/*