diff options
author | Darren Tucker <dtucker@zip.com.au> | 2010-11-05 13:00:05 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2010-11-05 13:00:05 +1100 |
commit | 728d8371a1dc1b615284ece94b0085897b4c0b51 (patch) | |
tree | 949dc94374774d643bb2799e4de1795fc92e559c | |
parent | fd4d8aa2cbe0acad520ab168656759cb46054c03 (diff) |
- (dtucker) [platform.c session.c] Move the PAM credential establishment for
the LOGIN_CAP case into platform.c.
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | platform.c | 16 | ||||
-rw-r--r-- | session.c | 5 |
3 files changed, 17 insertions, 6 deletions
@@ -31,6 +31,8 @@ | |||
31 | - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. | 31 | - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. |
32 | - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to | 32 | - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to |
33 | retain previous behavior. | 33 | retain previous behavior. |
34 | - (dtucker) [platform.c session.c] Move the PAM credential establishment for | ||
35 | the LOGIN_CAP case into platform.c. | ||
34 | 36 | ||
35 | 20101025 | 37 | 20101025 |
36 | - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with | 38 | - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with |
diff --git a/platform.c b/platform.c index 570f130ae..0335eaae6 100644 --- a/platform.c +++ b/platform.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: platform.c,v 1.8 2010/11/05 01:50:41 dtucker Exp $ */ | 1 | /* $Id: platform.c,v 1.9 2010/11/05 02:00:05 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2006 Darren Tucker. All rights reserved. | 4 | * Copyright (c) 2006 Darren Tucker. All rights reserved. |
@@ -21,6 +21,8 @@ | |||
21 | 21 | ||
22 | #include "openbsd-compat/openbsd-compat.h" | 22 | #include "openbsd-compat/openbsd-compat.h" |
23 | 23 | ||
24 | extern int use_privsep; | ||
25 | |||
24 | void | 26 | void |
25 | platform_pre_listen(void) | 27 | platform_pre_listen(void) |
26 | { | 28 | { |
@@ -79,6 +81,18 @@ platform_setusercontext(struct passwd *pw) | |||
79 | if (getuid() == 0 || geteuid() == 0) | 81 | if (getuid() == 0 || geteuid() == 0) |
80 | setpgid(0, 0); | 82 | setpgid(0, 0); |
81 | # endif | 83 | # endif |
84 | |||
85 | #if defined(HAVE_LOGIN_CAP) && defined(USE_PAM) | ||
86 | /* | ||
87 | * If we have both LOGIN_CAP and PAM, we want to establish creds | ||
88 | * before calling setusercontext (in session.c:do_setusercontext). | ||
89 | */ | ||
90 | if (getuid() == 0 || geteuid() == 0) { | ||
91 | if (options.use_pam) { | ||
92 | do_pam_setcred(use_privsep); | ||
93 | } | ||
94 | } | ||
95 | # endif /* USE_PAM */ | ||
82 | } | 96 | } |
83 | 97 | ||
84 | /* | 98 | /* |
@@ -1476,11 +1476,6 @@ do_setusercontext(struct passwd *pw) | |||
1476 | #endif /* HAVE_CYGWIN */ | 1476 | #endif /* HAVE_CYGWIN */ |
1477 | { | 1477 | { |
1478 | #ifdef HAVE_LOGIN_CAP | 1478 | #ifdef HAVE_LOGIN_CAP |
1479 | # ifdef USE_PAM | ||
1480 | if (options.use_pam) { | ||
1481 | do_pam_setcred(use_privsep); | ||
1482 | } | ||
1483 | # endif /* USE_PAM */ | ||
1484 | if (setusercontext(lc, pw, pw->pw_uid, | 1479 | if (setusercontext(lc, pw, pw->pw_uid, |
1485 | (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { | 1480 | (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { |
1486 | perror("unable to set user context"); | 1481 | perror("unable to set user context"); |