diff options
author | Damien Miller <djm@mindrot.org> | 2006-09-07 10:36:43 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-09-07 10:36:43 +1000 |
commit | 6433df036e6cf37c5ac8fc69dcedc464e6424b16 (patch) | |
tree | 6524438f390452a9020cc76e253801c4c3ec8b02 /auth.c | |
parent | 6e1033318cc0bc82a45a18d97894bee7bd60e935 (diff) |
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -73,6 +73,7 @@ | |||
73 | extern ServerOptions options; | 73 | extern ServerOptions options; |
74 | extern int use_privsep; | 74 | extern int use_privsep; |
75 | extern Buffer loginmsg; | 75 | extern Buffer loginmsg; |
76 | extern struct passwd *privsep_pw; | ||
76 | 77 | ||
77 | /* Debugging messages */ | 78 | /* Debugging messages */ |
78 | Buffer auth_debug; | 79 | Buffer auth_debug; |
@@ -570,6 +571,8 @@ fakepw(void) | |||
570 | fake.pw_gecos = "NOUSER"; | 571 | fake.pw_gecos = "NOUSER"; |
571 | fake.pw_uid = (uid_t)-1; | 572 | fake.pw_uid = (uid_t)-1; |
572 | fake.pw_gid = (gid_t)-1; | 573 | fake.pw_gid = (gid_t)-1; |
574 | fake.pw_uid = privsep_pw->pw_uid; | ||
575 | fake.pw_gid = privsep_pw->pw_gid; | ||
573 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 576 | #ifdef HAVE_PW_CLASS_IN_PASSWD |
574 | fake.pw_class = ""; | 577 | fake.pw_class = ""; |
575 | #endif | 578 | #endif |