Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 15 |
1 files changed, 14 insertions, 1 deletions
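--- a/session.c
+++ b/session.c
@@ -1505,6 +1505,9 @@ void
 do_setusercontext(struct passwd *pw)
 {
 char *chroot_path, *tmp;
+#ifdef USE_LIBIAF
+int doing_chroot = 0;
+#endif
 
 platform_setusercontext(pw);
 
@@ -1544,6 +1547,9 @@ do_setusercontext(struct passwd *pw)
 /* Make sure we don't attempt to chroot again */
 free(options.chroot_directory);
 options.chroot_directory = NULL;
+#ifdef USE_LIBIAF
+doing_chroot = 1;
+#endif
 }
 
 #ifdef HAVE_LOGIN_CAP
@@ -1558,7 +1564,14 @@ do_setusercontext(struct passwd *pw)
 (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 # ifdef USE_LIBIAF
-if (set_id(pw->pw_name) != 0) {
+/* In a chroot environment, the set_id() will always fail; typically
+* because of the lack of necessary authentication services and runtime
+* such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd
+* We skip it in the internal sftp chroot case.
+* We'll lose auditing and ACLs but permanently_set_uid will
+* take care of the rest.
+*/
+if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) {
 fatal("set_id(%s) Failed", pw->pw_name);
 }
 # endif /* USE_LIBIAF */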
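Review bot: The new guard `if ((doing_chroot == 0) && set_id(pw->pw_name) != 0)` skips set_id() for every chrooted session, while the comment above it justifies the skip only for the internal sftp chroot case. `doing_chroot` is set in the second hunk wherever the chroot block runs, and the condition that enters that block is outside the hunk. As far as the visible lines show, a chroot that does contain the libiaf/PAM runtime would also lose the auditing and ACL setup, and nothing records that this happened. I would log the skip so the gap is visible to operators, e.g. `if (doing_chroot) logit("set_id(%s) skipped: session is chrooted", pw->pw_name);` before the guard, and reword the comment to say the call is skipped for all chrooted sessions. The privilege drop then rests entirely on permanently_set_uid, whose call is not in these hunks, so it is worth confirming that it is reached on this path.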