Diffstat (limited to 'session.c')
-rw-r--r--session.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/session.c b/session.c
index c0b0a942e..11f2571e0 100644
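--- a/session.c
+++ b/session.c
@@ -1505,6 +1505,9 @@ void
 do_setusercontext(struct passwd *pw)
 {
  char *chroot_path, *tmp;
+#ifdef USE_LIBIAF
+ int doing_chroot = 0;
+#endif
 
  platform_setusercontext(pw);
 
@@ -1544,6 +1547,9 @@ do_setusercontext(struct passwd *pw)
  /* Make sure we don't attempt to chroot again */
  free(options.chroot_directory);
  options.chroot_directory = NULL;
+#ifdef USE_LIBIAF
+ doing_chroot = 1;
+#endif
  }
 
 #ifdef HAVE_LOGIN_CAP
@@ -1558,7 +1564,14 @@ do_setusercontext(struct passwd *pw)
  (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 # ifdef USE_LIBIAF
- if (set_id(pw->pw_name) != 0) {
+/* In a chroot environment, the set_id() will always fail; typically
+ * because of the lack of necessary authentication services and runtime
+ * such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd
+ * We skip it in the internal sftp chroot case.
+ * We'll lose auditing and ACLs but permanently_set_uid will
+ * take care of the rest.
+ */
+ if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) {
  fatal("set_id(%s) Failed", pw->pw_name);
  }
 # endif /* USE_LIBIAF */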
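Review bot: The new guard `if ((doing_chroot == 0) && set_id(pw->pw_name) != 0)` skips set_id() for every session in which the chroot block ran, while the comment limits the skip to "the internal sftp chroot case". The visible lines set `doing_chroot = 1` next to the `options.chroot_directory = NULL` reset with no check for internal-sftp, so a chroot that does ship libiaf and its runtime files would apparently lose auditing and ACL setup as well, and nothing is logged when that happens. Consider still calling set_id() and only downgrading the failure when chrooted, e.g. `if (set_id(pw->pw_name) != 0 && !doing_chroot)` before the `fatal(...)`, and record the degraded case with something like `logit("set_id(%s) failed in chroot; audit/ACL context not set", pw->pw_name);` so operators can see which sessions ran without audit context. The body of do_setusercontext starts and ends outside these hunks, so whether other code restores that state cannot be confirmed from here.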