diff options
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | platform.c | 20 | ||||
| -rw-r--r-- | session.c | 18 |
3 files changed, 21 insertions, 19 deletions
| @@ -26,6 +26,8 @@ | |||
| 26 | ok djm@ | 26 | ok djm@ |
| 27 | - (dtucker) [platform.c platform.h session.c] Add a platform hook to run | 27 | - (dtucker) [platform.c platform.h session.c] Add a platform hook to run |
| 28 | after the user's groups are established and move the selinux calls into it. | 28 | after the user's groups are established and move the selinux calls into it. |
| 29 | - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into | ||
| 30 | platform.c | ||
| 29 | 31 | ||
| 30 | 20101025 | 32 | 20101025 |
| 31 | - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with | 33 | - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with |
diff --git a/platform.c b/platform.c index 730e7b718..1604f8b59 100644 --- a/platform.c +++ b/platform.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */ | 1 | /* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2006 Darren Tucker. All rights reserved. | 4 | * Copyright (c) 2006 Darren Tucker. All rights reserved. |
| @@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw) | |||
| 83 | void | 83 | void |
| 84 | platform_setusercontext_post_groups(struct passwd *pw) | 84 | platform_setusercontext_post_groups(struct passwd *pw) |
| 85 | { | 85 | { |
| 86 | #ifdef HAVE_SETPCRED | ||
| 87 | /* | ||
| 88 | * If we have a chroot directory, we set all creds except real | ||
| 89 | * uid which we will need for chroot. If we don't have a | ||
| 90 | * chroot directory, we don't override anything. | ||
| 91 | */ | ||
| 92 | { | ||
| 93 | char **creds = NULL, *chroot_creds[] = | ||
| 94 | { "REAL_USER=root", NULL }; | ||
| 95 | |||
| 96 | if (options.chroot_directory != NULL && | ||
| 97 | strcasecmp(options.chroot_directory, "none") != 0) | ||
| 98 | creds = chroot_creds; | ||
| 99 | |||
| 100 | if (setpcred(pw->pw_name, creds) == -1) | ||
| 101 | fatal("Failed to set process credentials"); | ||
| 102 | } | ||
| 103 | #endif /* HAVE_SETPCRED */ | ||
| 86 | #ifdef WITH_SELINUX | 104 | #ifdef WITH_SELINUX |
| 87 | ssh_selinux_setup_exec_context(pw->pw_name); | 105 | ssh_selinux_setup_exec_context(pw->pw_name); |
| 88 | #endif | 106 | #endif |
| @@ -1530,24 +1530,6 @@ do_setusercontext(struct passwd *pw) | |||
| 1530 | } | 1530 | } |
| 1531 | # endif /* USE_LIBIAF */ | 1531 | # endif /* USE_LIBIAF */ |
| 1532 | #endif | 1532 | #endif |
| 1533 | #ifdef HAVE_SETPCRED | ||
| 1534 | /* | ||
| 1535 | * If we have a chroot directory, we set all creds except real | ||
| 1536 | * uid which we will need for chroot. If we don't have a | ||
| 1537 | * chroot directory, we don't override anything. | ||
| 1538 | */ | ||
| 1539 | { | ||
| 1540 | char **creds = NULL, *chroot_creds[] = | ||
| 1541 | { "REAL_USER=root", NULL }; | ||
| 1542 | |||
| 1543 | if (options.chroot_directory != NULL && | ||
| 1544 | strcasecmp(options.chroot_directory, "none") != 0) | ||
| 1545 | creds = chroot_creds; | ||
| 1546 | |||
| 1547 | if (setpcred(pw->pw_name, creds) == -1) | ||
| 1548 | fatal("Failed to set process credentials"); | ||
| 1549 | } | ||
| 1550 | #endif /* HAVE_SETPCRED */ | ||
| 1551 | 1533 | ||
| 1552 | platform_setusercontext_post_groups(pw); | 1534 | platform_setusercontext_post_groups(pw); |
| 1553 | 1535 | ||