upstream commit
skip "Could not chdir to home directory" message when chrooted patch from Christian Hesse in bz#2485 ok dtucker@ Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431
This commit is contained in:
parent
a820a8618e
commit
44fc7cd7dc
30
session.c
30
session.c
|
@ -160,6 +160,7 @@ login_cap_t *lc;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int is_child = 0;
|
static int is_child = 0;
|
||||||
|
static int in_chroot = 0;
|
||||||
|
|
||||||
/* Name and directory of socket for authentication agent forwarding. */
|
/* Name and directory of socket for authentication agent forwarding. */
|
||||||
static char *auth_sock_name = NULL;
|
static char *auth_sock_name = NULL;
|
||||||
|
@ -1490,9 +1491,6 @@ void
|
||||||
do_setusercontext(struct passwd *pw)
|
do_setusercontext(struct passwd *pw)
|
||||||
{
|
{
|
||||||
char *chroot_path, *tmp;
|
char *chroot_path, *tmp;
|
||||||
#ifdef USE_LIBIAF
|
|
||||||
int doing_chroot = 0;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
platform_setusercontext(pw);
|
platform_setusercontext(pw);
|
||||||
|
|
||||||
|
@ -1520,7 +1518,7 @@ do_setusercontext(struct passwd *pw)
|
||||||
|
|
||||||
platform_setusercontext_post_groups(pw);
|
platform_setusercontext_post_groups(pw);
|
||||||
|
|
||||||
if (options.chroot_directory != NULL &&
|
if (!in_chroot && options.chroot_directory != NULL &&
|
||||||
strcasecmp(options.chroot_directory, "none") != 0) {
|
strcasecmp(options.chroot_directory, "none") != 0) {
|
||||||
tmp = tilde_expand_filename(options.chroot_directory,
|
tmp = tilde_expand_filename(options.chroot_directory,
|
||||||
pw->pw_uid);
|
pw->pw_uid);
|
||||||
|
@ -1532,9 +1530,7 @@ do_setusercontext(struct passwd *pw)
|
||||||
/* Make sure we don't attempt to chroot again */
|
/* Make sure we don't attempt to chroot again */
|
||||||
free(options.chroot_directory);
|
free(options.chroot_directory);
|
||||||
options.chroot_directory = NULL;
|
options.chroot_directory = NULL;
|
||||||
#ifdef USE_LIBIAF
|
in_chroot = 1;
|
||||||
doing_chroot = 1;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_LOGIN_CAP
|
#ifdef HAVE_LOGIN_CAP
|
||||||
|
@ -1549,16 +1545,16 @@ do_setusercontext(struct passwd *pw)
|
||||||
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
|
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
|
||||||
#else
|
#else
|
||||||
# ifdef USE_LIBIAF
|
# ifdef USE_LIBIAF
|
||||||
/* In a chroot environment, the set_id() will always fail; typically
|
/*
|
||||||
* because of the lack of necessary authentication services and runtime
|
* In a chroot environment, the set_id() will always fail;
|
||||||
* such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd
|
* typically because of the lack of necessary authentication
|
||||||
* We skip it in the internal sftp chroot case.
|
* services and runtime such as ./usr/lib/libiaf.so,
|
||||||
* We'll lose auditing and ACLs but permanently_set_uid will
|
* ./usr/lib/libpam.so.1, and ./etc/passwd We skip it in the
|
||||||
* take care of the rest.
|
* internal sftp chroot case. We'll lose auditing and ACLs but
|
||||||
|
* permanently_set_uid will take care of the rest.
|
||||||
*/
|
*/
|
||||||
if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) {
|
if (!in_chroot && set_id(pw->pw_name) != 0)
|
||||||
fatal("set_id(%s) Failed", pw->pw_name);
|
fatal("set_id(%s) Failed", pw->pw_name);
|
||||||
}
|
|
||||||
# endif /* USE_LIBIAF */
|
# endif /* USE_LIBIAF */
|
||||||
/* Permanently switch to the desired uid. */
|
/* Permanently switch to the desired uid. */
|
||||||
permanently_set_uid(pw);
|
permanently_set_uid(pw);
|
||||||
|
@ -1790,11 +1786,11 @@ do_child(Session *s, const char *command)
|
||||||
#ifdef HAVE_LOGIN_CAP
|
#ifdef HAVE_LOGIN_CAP
|
||||||
r = login_getcapbool(lc, "requirehome", 0);
|
r = login_getcapbool(lc, "requirehome", 0);
|
||||||
#endif
|
#endif
|
||||||
if (r || options.chroot_directory == NULL ||
|
if (r || !in_chroot) {
|
||||||
strcasecmp(options.chroot_directory, "none") == 0)
|
|
||||||
fprintf(stderr, "Could not chdir to home "
|
fprintf(stderr, "Could not chdir to home "
|
||||||
"directory %s: %s\n", pw->pw_dir,
|
"directory %s: %s\n", pw->pw_dir,
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
|
}
|
||||||
if (r)
|
if (r)
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue