tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-31 01:35:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into

Browse Source 
platform.c
This commit is contained in:
Darren Tucker 2010-11-05 12:41:13 +11:00
parent 920612e45a
commit 4db380701d
3 changed files with 21 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -26,6 +26,8 @@
ok djm@ ok djm@
- (dtucker) [platform.c platform.h session.c] Add a platform hook to run - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
after the user's groups are established and move the selinux calls into it. after the user's groups are established and move the selinux calls into it.
- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
platform.c
20101025 20101025
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with

20
platform.c
View File

@ -1,4 +1,4 @@
/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */ /* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */
/* /*
* Copyright (c) 2006 Darren Tucker. All rights reserved. * Copyright (c) 2006 Darren Tucker. All rights reserved.
@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw)
void void
platform_setusercontext_post_groups(struct passwd *pw) platform_setusercontext_post_groups(struct passwd *pw)
{ {
#ifdef HAVE_SETPCRED
/*
* If we have a chroot directory, we set all creds except real
* uid which we will need for chroot. If we don't have a
* chroot directory, we don't override anything.
*/
{
char **creds = NULL, *chroot_creds[] =
{ "REAL_USER=root", NULL };
if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0)
creds = chroot_creds;
if (setpcred(pw->pw_name, creds) == -1)
fatal("Failed to set process credentials");
}
#endif /* HAVE_SETPCRED */
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
ssh_selinux_setup_exec_context(pw->pw_name); ssh_selinux_setup_exec_context(pw->pw_name);
#endif #endif

18
session.c
View File

@ -1530,24 +1530,6 @@ do_setusercontext(struct passwd *pw)
} }
# endif /* USE_LIBIAF */ # endif /* USE_LIBIAF */
#endif #endif
#ifdef HAVE_SETPCRED
/*
* If we have a chroot directory, we set all creds except real
* uid which we will need for chroot. If we don't have a
* chroot directory, we don't override anything.
*/
{
char **creds = NULL, *chroot_creds[] =
{ "REAL_USER=root", NULL };
if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0)
creds = chroot_creds;
if (setpcred(pw->pw_name, creds) == -1)
fatal("Failed to set process credentials");
}
#endif /* HAVE_SETPCRED */
platform_setusercontext_post_groups(pw); platform_setusercontext_post_groups(pw);