- (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move

the setpcred call on AIX to immediately before the permanently_set_uid(). Ensures that we still have privileges when we call chroot and pam_open_sesson. Based on a patch from David Leonard.
author: Darren Tucker <dtucker@zip.com.au> 2009-08-20 16:20:50 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2009-08-20 16:20:50 +1000
commit: 82edf23fffc4accf7686da08367e9fd5b5baa487 (patch)
tree: 34ffab829333d3e6c583edb7e49956773fe9540b /session.c
parent: 2a5588daeb27c118a3a55a203a7be14978d96bf7 (diff)
1 files changed, 4 insertions, 5 deletions
diff --git a/session.c b/session.c
index cdbf88ab7..f4a363543 100644
--- a/session.c
+++ b/session.c
@@ -1466,11 +1466,6 @@ do_setusercontext(struct passwd *pw)
        if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
        {
-#ifdef HAVE_SETPCRED
-                if (setpcred(pw->pw_name, (char **)NULL) == -1)
-                        fatal("Failed to set process credentials");
-#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
 # ifdef __bsdi__
                setpgid(0, 0);
@@ -1538,6 +1533,10 @@ do_setusercontext(struct passwd *pw)
                        free(chroot_path);
                }
+#ifdef HAVE_SETPCRED
+                if (setpcred(pw->pw_name, (char **)NULL) == -1)
+                        fatal("Failed to set process credentials");
+#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
                if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
                        perror("unable to set user context (setuser)");
author	Darren Tucker <dtucker@zip.com.au>	2009-08-20 16:20:50 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2009-08-20 16:20:50 +1000
commit	82edf23fffc4accf7686da08367e9fd5b5baa487 (patch)
tree	34ffab829333d3e6c583edb7e49956773fe9540b /session.c
parent	2a5588daeb27c118a3a55a203a7be14978d96bf7 (diff)