diff options
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 22 |
1 files changed, 18 insertions, 4 deletions
@@ -1530,6 +1530,24 @@ do_setusercontext(struct passwd *pw) | |||
1530 | } | 1530 | } |
1531 | # endif /* USE_LIBIAF */ | 1531 | # endif /* USE_LIBIAF */ |
1532 | #endif | 1532 | #endif |
1533 | #ifdef HAVE_SETPCRED | ||
1534 | /* | ||
1535 | * If we have a chroot directory, we set all creds except real | ||
1536 | * uid which we will need for chroot. If we don't have a | ||
1537 | * chroot directory, we don't override anything. | ||
1538 | */ | ||
1539 | { | ||
1540 | char **creds, *chroot_creds[] = | ||
1541 | { "REAL_USER=root", NULL }; | ||
1542 | |||
1543 | if (options.chroot_directory != NULL && | ||
1544 | strcasecmp(options.chroot_directory, "none") != 0) | ||
1545 | creds = chroot_creds; | ||
1546 | |||
1547 | if (setpcred(pw->pw_name, creds) == -1) | ||
1548 | fatal("Failed to set process credentials"); | ||
1549 | } | ||
1550 | #endif /* HAVE_SETPCRED */ | ||
1533 | 1551 | ||
1534 | if (options.chroot_directory != NULL && | 1552 | if (options.chroot_directory != NULL && |
1535 | strcasecmp(options.chroot_directory, "none") != 0) { | 1553 | strcasecmp(options.chroot_directory, "none") != 0) { |
@@ -1542,10 +1560,6 @@ do_setusercontext(struct passwd *pw) | |||
1542 | free(chroot_path); | 1560 | free(chroot_path); |
1543 | } | 1561 | } |
1544 | 1562 | ||
1545 | #ifdef HAVE_SETPCRED | ||
1546 | if (setpcred(pw->pw_name, (char **)NULL) == -1) | ||
1547 | fatal("Failed to set process credentials"); | ||
1548 | #endif /* HAVE_SETPCRED */ | ||
1549 | #ifdef HAVE_LOGIN_CAP | 1563 | #ifdef HAVE_LOGIN_CAP |
1550 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { | 1564 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { |
1551 | perror("unable to set user context (setuser)"); | 1565 | perror("unable to set user context (setuser)"); |