diff options
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | platform.c | 16 | ||||
| -rw-r--r-- | session.c | 5 |
3 files changed, 17 insertions, 6 deletions
| @@ -31,6 +31,8 @@ | |||
| 31 | - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. | 31 | - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. |
| 32 | - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to | 32 | - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to |
| 33 | retain previous behavior. | 33 | retain previous behavior. |
| 34 | - (dtucker) [platform.c session.c] Move the PAM credential establishment for | ||
| 35 | the LOGIN_CAP case into platform.c. | ||
| 34 | 36 | ||
| 35 | 20101025 | 37 | 20101025 |
| 36 | - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with | 38 | - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with |
diff --git a/platform.c b/platform.c index 570f130ae..0335eaae6 100644 --- a/platform.c +++ b/platform.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $Id: platform.c,v 1.8 2010/11/05 01:50:41 dtucker Exp $ */ | 1 | /* $Id: platform.c,v 1.9 2010/11/05 02:00:05 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2006 Darren Tucker. All rights reserved. | 4 | * Copyright (c) 2006 Darren Tucker. All rights reserved. |
| @@ -21,6 +21,8 @@ | |||
| 21 | 21 | ||
| 22 | #include "openbsd-compat/openbsd-compat.h" | 22 | #include "openbsd-compat/openbsd-compat.h" |
| 23 | 23 | ||
| 24 | extern int use_privsep; | ||
| 25 | |||
| 24 | void | 26 | void |
| 25 | platform_pre_listen(void) | 27 | platform_pre_listen(void) |
| 26 | { | 28 | { |
| @@ -79,6 +81,18 @@ platform_setusercontext(struct passwd *pw) | |||
| 79 | if (getuid() == 0 || geteuid() == 0) | 81 | if (getuid() == 0 || geteuid() == 0) |
| 80 | setpgid(0, 0); | 82 | setpgid(0, 0); |
| 81 | # endif | 83 | # endif |
| 84 | |||
| 85 | #if defined(HAVE_LOGIN_CAP) && defined(USE_PAM) | ||
| 86 | /* | ||
| 87 | * If we have both LOGIN_CAP and PAM, we want to establish creds | ||
| 88 | * before calling setusercontext (in session.c:do_setusercontext). | ||
| 89 | */ | ||
| 90 | if (getuid() == 0 || geteuid() == 0) { | ||
| 91 | if (options.use_pam) { | ||
| 92 | do_pam_setcred(use_privsep); | ||
| 93 | } | ||
| 94 | } | ||
| 95 | # endif /* USE_PAM */ | ||
| 82 | } | 96 | } |
| 83 | 97 | ||
| 84 | /* | 98 | /* |
| @@ -1476,11 +1476,6 @@ do_setusercontext(struct passwd *pw) | |||
| 1476 | #endif /* HAVE_CYGWIN */ | 1476 | #endif /* HAVE_CYGWIN */ |
| 1477 | { | 1477 | { |
| 1478 | #ifdef HAVE_LOGIN_CAP | 1478 | #ifdef HAVE_LOGIN_CAP |
| 1479 | # ifdef USE_PAM | ||
| 1480 | if (options.use_pam) { | ||
| 1481 | do_pam_setcred(use_privsep); | ||
| 1482 | } | ||
| 1483 | # endif /* USE_PAM */ | ||
| 1484 | if (setusercontext(lc, pw, pw->pw_uid, | 1479 | if (setusercontext(lc, pw, pw->pw_uid, |
| 1485 | (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { | 1480 | (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { |
| 1486 | perror("unable to set user context"); | 1481 | perror("unable to set user context"); |