diff options
author | Darren Tucker <dtucker@zip.com.au> | 2009-08-20 16:20:50 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2009-08-20 16:20:50 +1000 |
commit | 82edf23fffc4accf7686da08367e9fd5b5baa487 (patch) | |
tree | 34ffab829333d3e6c583edb7e49956773fe9540b /session.c | |
parent | 2a5588daeb27c118a3a55a203a7be14978d96bf7 (diff) |
- (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move
the setpcred call on AIX to immediately before the permanently_set_uid().
Ensures that we still have privileges when we call chroot and
pam_open_sesson. Based on a patch from David Leonard.
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 9 |
1 files changed, 4 insertions, 5 deletions
@@ -1466,11 +1466,6 @@ do_setusercontext(struct passwd *pw) | |||
1466 | if (getuid() == 0 || geteuid() == 0) | 1466 | if (getuid() == 0 || geteuid() == 0) |
1467 | #endif /* HAVE_CYGWIN */ | 1467 | #endif /* HAVE_CYGWIN */ |
1468 | { | 1468 | { |
1469 | |||
1470 | #ifdef HAVE_SETPCRED | ||
1471 | if (setpcred(pw->pw_name, (char **)NULL) == -1) | ||
1472 | fatal("Failed to set process credentials"); | ||
1473 | #endif /* HAVE_SETPCRED */ | ||
1474 | #ifdef HAVE_LOGIN_CAP | 1469 | #ifdef HAVE_LOGIN_CAP |
1475 | # ifdef __bsdi__ | 1470 | # ifdef __bsdi__ |
1476 | setpgid(0, 0); | 1471 | setpgid(0, 0); |
@@ -1538,6 +1533,10 @@ do_setusercontext(struct passwd *pw) | |||
1538 | free(chroot_path); | 1533 | free(chroot_path); |
1539 | } | 1534 | } |
1540 | 1535 | ||
1536 | #ifdef HAVE_SETPCRED | ||
1537 | if (setpcred(pw->pw_name, (char **)NULL) == -1) | ||
1538 | fatal("Failed to set process credentials"); | ||
1539 | #endif /* HAVE_SETPCRED */ | ||
1541 | #ifdef HAVE_LOGIN_CAP | 1540 | #ifdef HAVE_LOGIN_CAP |
1542 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { | 1541 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { |
1543 | perror("unable to set user context (setuser)"); | 1542 | perror("unable to set user context (setuser)"); |