- (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and

   do not set real uid, since that's needed for the chroot, and will be set
   by permanently_set_uid.

1 files changed, 18 insertions, 4 deletions

diff --git a/session.c b/session.c
index fd7acbe03..8f978faa6 100644
--- a/session.c
+++ b/session.c
@@ -1530,6 +1530,24 @@ do_setusercontext(struct passwd *pw)
                 }
 # endif /* USE_LIBIAF */
 #endif
+#ifdef HAVE_SETPCRED
+                /*
+                 * If we have a chroot directory, we set all creds except real
+                 * uid which we will need for chroot.  If we don't have a
+                 * chroot directory, we don't override anything.
+                 */
+                {
+                        char **creds, *chroot_creds[] =
+                            { "REAL_USER=root", NULL };
+
+                        if (options.chroot_directory != NULL &&
+                            strcasecmp(options.chroot_directory, "none") != 0)
+                                creds = chroot_creds;
+
+                        if (setpcred(pw->pw_name, creds) == -1)
+                                fatal("Failed to set process credentials");
+                }
+#endif /* HAVE_SETPCRED */
 
                 if (options.chroot_directory != NULL &&
                     strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1542,10 +1560,6 @@ do_setusercontext(struct passwd *pw)
                         free(chroot_path);
                 }
 
-#ifdef HAVE_SETPCRED
-                if (setpcred(pw->pw_name, (char **)NULL) == -1)
-                        fatal("Failed to set process credentials");
-#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
                 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
                         perror("unable to set user context (setuser)");