diff options
Diffstat (limited to 'platform.c')
-rw-r--r-- | platform.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/platform.c b/platform.c index 730e7b718..1604f8b59 100644 --- a/platform.c +++ b/platform.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */ | 1 | /* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2006 Darren Tucker. All rights reserved. | 4 | * Copyright (c) 2006 Darren Tucker. All rights reserved. |
@@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw) | |||
83 | void | 83 | void |
84 | platform_setusercontext_post_groups(struct passwd *pw) | 84 | platform_setusercontext_post_groups(struct passwd *pw) |
85 | { | 85 | { |
86 | #ifdef HAVE_SETPCRED | ||
87 | /* | ||
88 | * If we have a chroot directory, we set all creds except real | ||
89 | * uid which we will need for chroot. If we don't have a | ||
90 | * chroot directory, we don't override anything. | ||
91 | */ | ||
92 | { | ||
93 | char **creds = NULL, *chroot_creds[] = | ||
94 | { "REAL_USER=root", NULL }; | ||
95 | |||
96 | if (options.chroot_directory != NULL && | ||
97 | strcasecmp(options.chroot_directory, "none") != 0) | ||
98 | creds = chroot_creds; | ||
99 | |||
100 | if (setpcred(pw->pw_name, creds) == -1) | ||
101 | fatal("Failed to set process credentials"); | ||
102 | } | ||
103 | #endif /* HAVE_SETPCRED */ | ||
86 | #ifdef WITH_SELINUX | 104 | #ifdef WITH_SELINUX |
87 | ssh_selinux_setup_exec_context(pw->pw_name); | 105 | ssh_selinux_setup_exec_context(pw->pw_name); |
88 | #endif | 106 | #endif |