- (dtucker) [platform.c session.c] Move the PAM credential establishment for
the LOGIN_CAP case into platform.c.
This commit is contained in:
parent
fd4d8aa2cb
commit
728d8371a1
|
@ -31,6 +31,8 @@
|
||||||
- (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
|
- (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
|
||||||
- (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
|
- (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
|
||||||
retain previous behavior.
|
retain previous behavior.
|
||||||
|
- (dtucker) [platform.c session.c] Move the PAM credential establishment for
|
||||||
|
the LOGIN_CAP case into platform.c.
|
||||||
|
|
||||||
20101025
|
20101025
|
||||||
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
|
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
|
||||||
|
|
16
platform.c
16
platform.c
|
@ -1,4 +1,4 @@
|
||||||
/* $Id: platform.c,v 1.8 2010/11/05 01:50:41 dtucker Exp $ */
|
/* $Id: platform.c,v 1.9 2010/11/05 02:00:05 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2006 Darren Tucker. All rights reserved.
|
* Copyright (c) 2006 Darren Tucker. All rights reserved.
|
||||||
|
@ -21,6 +21,8 @@
|
||||||
|
|
||||||
#include "openbsd-compat/openbsd-compat.h"
|
#include "openbsd-compat/openbsd-compat.h"
|
||||||
|
|
||||||
|
extern int use_privsep;
|
||||||
|
|
||||||
void
|
void
|
||||||
platform_pre_listen(void)
|
platform_pre_listen(void)
|
||||||
{
|
{
|
||||||
|
@ -79,6 +81,18 @@ platform_setusercontext(struct passwd *pw)
|
||||||
if (getuid() == 0 || geteuid() == 0)
|
if (getuid() == 0 || geteuid() == 0)
|
||||||
setpgid(0, 0);
|
setpgid(0, 0);
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
|
#if defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
|
||||||
|
/*
|
||||||
|
* If we have both LOGIN_CAP and PAM, we want to establish creds
|
||||||
|
* before calling setusercontext (in session.c:do_setusercontext).
|
||||||
|
*/
|
||||||
|
if (getuid() == 0 || geteuid() == 0) {
|
||||||
|
if (options.use_pam) {
|
||||||
|
do_pam_setcred(use_privsep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# endif /* USE_PAM */
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -1476,11 +1476,6 @@ do_setusercontext(struct passwd *pw)
|
||||||
#endif /* HAVE_CYGWIN */
|
#endif /* HAVE_CYGWIN */
|
||||||
{
|
{
|
||||||
#ifdef HAVE_LOGIN_CAP
|
#ifdef HAVE_LOGIN_CAP
|
||||||
# ifdef USE_PAM
|
|
||||||
if (options.use_pam) {
|
|
||||||
do_pam_setcred(use_privsep);
|
|
||||||
}
|
|
||||||
# endif /* USE_PAM */
|
|
||||||
if (setusercontext(lc, pw, pw->pw_uid,
|
if (setusercontext(lc, pw, pw->pw_uid,
|
||||||
(LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
|
(LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
|
||||||
perror("unable to set user context");
|
perror("unable to set user context");
|
||||||
|
|
Loading…
Reference in New Issue