From 6433df036e6cf37c5ac8fc69dcedc464e6424b16 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Thu, 7 Sep 2006 10:36:43 +1000
Subject:  - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it
 can    be used to drop privilege to; fixes Solaris GSSAPI crash reported by  
  Magnus Abrante; suggestion and feedback dtucker@    NB. this change will
 require that the privilege separation user must    exist on all the time, not
 just when UsePrivilegeSeparation=yes

---
 auth.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'auth.c')

diff --git a/auth.c b/auth.c
index 5da140b07..db2aa7bf9 100644
--- a/auth.c
+++ b/auth.c
@@ -73,6 +73,7 @@
 extern ServerOptions options;
 extern int use_privsep;
 extern Buffer loginmsg;
+extern struct passwd *privsep_pw;
 
 /* Debugging messages */
 Buffer auth_debug;
@@ -570,6 +571,8 @@ fakepw(void)
 	fake.pw_gecos = "NOUSER";
 	fake.pw_uid = (uid_t)-1;
 	fake.pw_gid = (gid_t)-1;
+	fake.pw_uid = privsep_pw->pw_uid;
+	fake.pw_gid = privsep_pw->pw_gid;
 #ifdef HAVE_PW_CLASS_IN_PASSWD
 	fake.pw_class = "";
 #endif
-- 
cgit v1.2.3