diff options
| author | Damien Miller <djm@mindrot.org> | 2006-09-07 10:36:43 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2006-09-07 10:36:43 +1000 |
| commit | 6433df036e6cf37c5ac8fc69dcedc464e6424b16 (patch) | |
| tree | 6524438f390452a9020cc76e253801c4c3ec8b02 /auth.c | |
| parent | 6e1033318cc0bc82a45a18d97894bee7bd60e935 (diff) | |
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes
Diffstat (limited to 'auth.c')
| -rw-r--r-- | auth.c | 3 |
1 files changed, 3 insertions, 0 deletions
| @@ -73,6 +73,7 @@ | |||
| 73 | extern ServerOptions options; | 73 | extern ServerOptions options; |
| 74 | extern int use_privsep; | 74 | extern int use_privsep; |
| 75 | extern Buffer loginmsg; | 75 | extern Buffer loginmsg; |
| 76 | extern struct passwd *privsep_pw; | ||
| 76 | 77 | ||
| 77 | /* Debugging messages */ | 78 | /* Debugging messages */ |
| 78 | Buffer auth_debug; | 79 | Buffer auth_debug; |
| @@ -570,6 +571,8 @@ fakepw(void) | |||
| 570 | fake.pw_gecos = "NOUSER"; | 571 | fake.pw_gecos = "NOUSER"; |
| 571 | fake.pw_uid = (uid_t)-1; | 572 | fake.pw_uid = (uid_t)-1; |
| 572 | fake.pw_gid = (gid_t)-1; | 573 | fake.pw_gid = (gid_t)-1; |
| 574 | fake.pw_uid = privsep_pw->pw_uid; | ||
| 575 | fake.pw_gid = privsep_pw->pw_gid; | ||
| 573 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 576 | #ifdef HAVE_PW_CLASS_IN_PASSWD |
| 574 | fake.pw_class = ""; | 577 | fake.pw_class = ""; |
| 575 | #endif | 578 | #endif |