tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into 

platform.c
This commit is contained in:
Darren Tucker 2010-11-05 12:41:13 +11:00
parent 920612e45a
commit 4db380701d
3 changed files with 21 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -26,6 +26,8 @@
ok djm@
- (dtucker) [platform.c platform.h session.c] Add a platform hook to run
after the user's groups are established and move the selinux calls into it.
- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
platform.c
20101025
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with

20
platform.c
View File

@ -1,4 +1,4 @@
/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */
/* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */
/*
* Copyright (c) 2006 Darren Tucker. All rights reserved.
@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw)
void
platform_setusercontext_post_groups(struct passwd *pw)
{
#ifdef HAVE_SETPCRED
/*
* If we have a chroot directory, we set all creds except real
* uid which we will need for chroot. If we don't have a
* chroot directory, we don't override anything.
*/
{
char **creds = NULL, *chroot_creds[] =
{ "REAL_USER=root", NULL };
if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0)
creds = chroot_creds;
if (setpcred(pw->pw_name, creds) == -1)
fatal("Failed to set process credentials");
}
#endif /* HAVE_SETPCRED */
#ifdef WITH_SELINUX
ssh_selinux_setup_exec_context(pw->pw_name);
#endif

18
session.c
View File

@ -1530,24 +1530,6 @@ do_setusercontext(struct passwd *pw)
}
# endif /* USE_LIBIAF */
#endif
#ifdef HAVE_SETPCRED
/*
* If we have a chroot directory, we set all creds except real
* uid which we will need for chroot. If we don't have a
* chroot directory, we don't override anything.
*/
{
char **creds = NULL, *chroot_creds[] =
{ "REAL_USER=root", NULL };
if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0)
creds = chroot_creds;
if (setpcred(pw->pw_name, creds) == -1)
fatal("Failed to set process credentials");
}
#endif /* HAVE_SETPCRED */
platform_setusercontext_post_groups(pw);