author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 03:11:49 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 03:11:49 +0000 |
commit | c7431341911e911993776c357ca57d1fb7ed1b23 (patch) | |
tree | 3e7fec3c3985b8f7584b4a03ce7df035d361c442 /servconf.c | |
parent | f34e4eb6c730fa38640aeef5f6801035caaba460 (diff) |
- stevesk@cvs.openbsd.org 2002/03/20 19:12:25
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 21 |
1 files changed, 2 insertions, 19 deletions
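--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.104 2002/03/19 03:03:43 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.105 2002/03/20 19:12:24 stevesk Exp $");
 
 #if defined(KRB4) || defined(KRB5)
 #include <krb.h>
@@ -113,9 +113,6 @@ initialize_server_options(ServerOptions *options)
 options->authorized_keys_file = NULL;
 options->authorized_keys_file2 = NULL;
 
-options->unprivileged_user = -1;
-options->unprivileged_group = -1;
-
 /* Needs to be accessable in many places */
 use_privsep = -1;
 }
@@ -247,10 +244,6 @@ fill_default_server_options(ServerOptions *options)
 /* Turn privilege separation _off_ by default */
 if (use_privsep == -1)
 use_privsep = 0;
-if (options->unprivileged_user == -1)
-options->unprivileged_user = 32767;
-if (options->unprivileged_group == -1)
-options->unprivileged_group = 32767;
 }
 
 /* Keyword tokens. */
@@ -283,7 +276,7 @@ typedef enum {
 sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
-sUsePrivilegeSeparation, sUnprivUser, sUnprivGroup,
+sUsePrivilegeSeparation,
 sDeprecated
 } ServerOpCodes;
 
@@ -360,8 +353,6 @@ static struct {
 { "authorizedkeysfile", sAuthorizedKeysFile },
 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
 { "useprivilegeseparation", sUsePrivilegeSeparation},
-{ "unprivuser", sUnprivUser},
-{ "unprivgroup", sUnprivGroup},
 { NULL, sBadOption }
 };
 
@@ -742,14 +733,6 @@ parse_flag:
 intptr = &use_privsep;
 goto parse_flag;
 
-case sUnprivUser:
-intptr = &options->unprivileged_user;
-goto parse_int;
-
-case sUnprivGroup:
-intptr = &options->unprivileged_group;
-goto parse_int;
-
 case sAllowUsers:
 while ((arg = strdelim(&cp)) && *arg != '\0') {
 if (options->num_allow_users >= MAX_ALLOW_USERS)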
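Review bot: An sshd_config that still sets `unprivuser` or `unprivgroup` will presumably be rejected as a bad option after this change, because both rows are dropped from the keyword table and a lookup would then reach the `{ NULL, sBadOption }` terminator. The enum already carries `sDeprecated`, so the two rows could be kept as `{ "unprivuser", sDeprecated },` and `{ "unprivgroup", sDeprecated },`, letting an upgraded daemon still start on an old configuration. The by-name lookup of the privilege-separation account that replaces the removed 32767 defaults lives in sshd.c, outside this file section, so whether a missing account is treated as fatal cannot be checked from here and is worth confirming.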