author | Darren Tucker <dtucker@zip.com.au> | 2010-11-05 12:41:13 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2010-11-05 12:41:13 +1100 |
commit | 4db380701d15727e43600e41a567d36177e4226e (patch) | |
tree | a8848d805cfb763a6bd998557a316511cdc2c18e | |
parent | 920612e45ae8183226e8841ff27cdc54a8287ba2 (diff) |
- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
platform.c
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | platform.c | 20 | ||||
-rw-r--r-- | session.c | 18 |
3 files changed, 21 insertions, 19 deletions
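--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,8 @@
 ok djm@
 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
 after the user's groups are established and move the selinux calls into it.
+- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
+platform.c
 
 20101025
 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with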
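diff --git a/platform.c b/platform.c
index 730e7b718..1604f8b59 100644
--- a/platform.c
+++ b/platform.c
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */
+/* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */
 
 /*
 * Copyright (c) 2006 Darren Tucker. All rights reserved.
@@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw)
 void
 platform_setusercontext_post_groups(struct passwd *pw)
 {
+#ifdef HAVE_SETPCRED
+/*
+* If we have a chroot directory, we set all creds except real
+* uid which we will need for chroot. If we don't have a
+* chroot directory, we don't override anything.
+*/
+{
+char **creds = NULL, *chroot_creds[] =
+{ "REAL_USER=root", NULL };
+
+if (options.chroot_directory != NULL &&
+strcasecmp(options.chroot_directory, "none") != 0)
+creds = chroot_creds;
+
+if (setpcred(pw->pw_name, creds) == -1)
+fatal("Failed to set process credentials");
+}
+#endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
 ssh_selinux_setup_exec_context(pw->pw_name);
 #endif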
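Review bot: The moved `HAVE_SETPCRED` block in `platform_setusercontext_post_groups()` deliberately leaves the real UID as root when `ChrootDirectory` is set, but the chroot it is kept for, and presumably the final drop of that UID, now sit in a different file from the code that sets it up. I would extend the block comment with something like `/* Caller must chroot and then permanently drop the real uid; see do_setusercontext() in session.c. */` so that a later caller of this hook does not end up running a session with a root real UID. The block also depends on `options`, `strcasecmp()` and `fatal()`, and the 20 changed lines the diffstat reports for platform.c are fully accounted for by the two hunks shown, so no declaration or include was added here. Because this path only compiles where `HAVE_SETPCRED` is defined, it is worth confirming on an AIX build that `extern ServerOptions options;` and the needed headers are already in scope. The function body continues past the end of the hunk.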
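--- a/session.c
+++ b/session.c
@@ -1530,24 +1530,6 @@ do_setusercontext(struct passwd *pw)
 }
 # endif /* USE_LIBIAF */
 #endif
-#ifdef HAVE_SETPCRED
-/*
-* If we have a chroot directory, we set all creds except real
-* uid which we will need for chroot. If we don't have a
-* chroot directory, we don't override anything.
-*/
-{
-char **creds = NULL, *chroot_creds[] =
-{ "REAL_USER=root", NULL };
-
-if (options.chroot_directory != NULL &&
-strcasecmp(options.chroot_directory, "none") != 0)
-creds = chroot_creds;
-
-if (setpcred(pw->pw_name, creds) == -1)
-fatal("Failed to set process credentials");
-}
-#endif /* HAVE_SETPCRED */
 
 platform_setusercontext_post_groups(pw);
 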