authorTim Rice <tim@multitalents.net>2014-06-18 16:17:28 -0700
committerTim Rice <tim@multitalents.net>2014-06-18 16:17:28 -0700
commita261b8df59117f7dc52abb3a34b35a40c2c9fa88 (patch)
tree9b21dbe7e8c2bc51c1fe93f5dfe3264b294fa667
parent316fac6f18f87262a315c79bcf68b9f92c9337e4 (diff)
- (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
-rw-r--r--ChangeLog3
-rw-r--r--session.c15
2 files changed, 17 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index f7c5b1297..ccc9407ed 100644
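--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+20140618
+ - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
+
 20140617
  - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
  openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]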
diff --git a/session.c b/session.c
index c0b0a942e..11f2571e0 100644
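--- a/session.c
+++ b/session.c
@@ -1505,6 +1505,9 @@ void
 do_setusercontext(struct passwd *pw)
 {
  char *chroot_path, *tmp;
+#ifdef USE_LIBIAF
+ int doing_chroot = 0;
+#endif
 
  platform_setusercontext(pw);
 
@@ -1544,6 +1547,9 @@ do_setusercontext(struct passwd *pw)
  /* Make sure we don't attempt to chroot again */
  free(options.chroot_directory);
  options.chroot_directory = NULL;
+#ifdef USE_LIBIAF
+ doing_chroot = 1;
+#endif
  }
 
 #ifdef HAVE_LOGIN_CAP
@@ -1558,7 +1564,14 @@ do_setusercontext(struct passwd *pw)
  (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 # ifdef USE_LIBIAF
- if (set_id(pw->pw_name) != 0) {
+/* In a chroot environment, the set_id() will always fail; typically
+ * because of the lack of necessary authentication services and runtime
+ * such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd
+ * We skip it in the internal sftp chroot case.
+ * We'll lose auditing and ACLs but permanently_set_uid will
+ * take care of the rest.
+ */
+ if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) {
  fatal("set_id(%s) Failed", pw->pw_name);
  }
 # endif /* USE_LIBIAF */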
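Review bot: The new guard on `set_id()` in the last hunk skips the call whenever `doing_chroot` is set, and from the visible lines that flag is raised in the chroot branch for every chroot this function performs, while the comment limits the case to internal sftp. A chrooted session whose jail does provide libiaf and its files would therefore also lose auditing and ACLs, and nothing is logged when the call is skipped, so the loss is invisible to anyone reading the logs. Consider narrowing the condition to the internal-sftp case, or at least recording the skip with `if (doing_chroot) logit("chroot: skipping set_id(%s), auditing and ACLs not applied", pw->pw_name);` ahead of the guarded call. The branch condition that sets `doing_chroot` and the `permanently_set_uid` call the comment relies on are both outside the hunks shown, so the claim that it "will take care of the rest" should be confirmed against the full function.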