- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into

platform.c
author: Darren Tucker <dtucker@zip.com.au> 2010-11-05 12:41:13 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2010-11-05 12:41:13 +1100
commit: 4db380701d15727e43600e41a567d36177e4226e (patch)
tree: a8848d805cfb763a6bd998557a316511cdc2c18e /platform.c
parent: 920612e45ae8183226e8841ff27cdc54a8287ba2 (diff)
1 files changed, 19 insertions, 1 deletions
diff --git a/platform.c b/platform.c
index 730e7b718..1604f8b59 100644
--- a/platform.c
+++ b/platform.c
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */
+/* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */
 /*
 * Copyright (c) 2006 Darren Tucker.  All rights reserved.
@@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw)
 void
 platform_setusercontext_post_groups(struct passwd *pw)
 {
+#ifdef HAVE_SETPCRED
+        /*
+         * If we have a chroot directory, we set all creds except real
+         * uid which we will need for chroot.  If we don't have a
+         * chroot directory, we don't override anything.
+         */
+        {
+                char **creds = NULL, *chroot_creds[] =
+                    { "REAL_USER=root", NULL };
+                if (options.chroot_directory != NULL &&
+                    strcasecmp(options.chroot_directory, "none") != 0)
+                        creds = chroot_creds;
+                if (setpcred(pw->pw_name, creds) == -1)
+                        fatal("Failed to set process credentials");
+        }
+#endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
        ssh_selinux_setup_exec_context(pw->pw_name);
 #endif
author	Darren Tucker <dtucker@zip.com.au>	2010-11-05 12:41:13 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2010-11-05 12:41:13 +1100
commit	4db380701d15727e43600e41a567d36177e4226e (patch)
tree	a8848d805cfb763a6bd998557a316511cdc2c18e /platform.c
parent	920612e45ae8183226e8841ff27cdc54a8287ba2 (diff)

diff --git a/platform.c b/platform.c index 730e7b718..1604f8b59 100644 --- a/platform.c +++ b/platform.c
@@ -1,4 +1,4 @@
1	/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */	1	/* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2006 Darren Tucker. All rights reserved.	4	* Copyright (c) 2006 Darren Tucker. All rights reserved.
@@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw)
83	void	83	void
84	platform_setusercontext_post_groups(struct passwd *pw)	84	platform_setusercontext_post_groups(struct passwd *pw)
85	{	85	{
		86	#ifdef HAVE_SETPCRED
		87	/*
		88	* If we have a chroot directory, we set all creds except real
		89	* uid which we will need for chroot. If we don't have a
		90	* chroot directory, we don't override anything.
		91	*/
		92	{
		93	char *creds = NULL, chroot_creds[] =
		94	{ "REAL_USER=root", NULL };
		95
		96	if (options.chroot_directory != NULL &&
		97	strcasecmp(options.chroot_directory, "none") != 0)
		98	creds = chroot_creds;
		99
		100	if (setpcred(pw->pw_name, creds) == -1)
		101	fatal("Failed to set process credentials");
		102	}
		103	#endif /* HAVE_SETPCRED */
86	#ifdef WITH_SELINUX	104	#ifdef WITH_SELINUX
87	ssh_selinux_setup_exec_context(pw->pw_name);	105	ssh_selinux_setup_exec_context(pw->pw_name);
88	#endif	106	#endif