- (dtucker) [platform.c session.c] Move the PAM credential establishment for

the LOGIN_CAP case into platform.c.
This commit is contained in:
Darren Tucker 2010-11-05 13:00:05 +11:00
parent fd4d8aa2cb
commit 728d8371a1
3 changed files with 17 additions and 6 deletions

View File

@ -31,6 +31,8 @@
- (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
- (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
retain previous behavior. retain previous behavior.
- (dtucker) [platform.c session.c] Move the PAM credential establishment for
the LOGIN_CAP case into platform.c.
20101025 20101025
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with

View File

@ -1,4 +1,4 @@
/* $Id: platform.c,v 1.8 2010/11/05 01:50:41 dtucker Exp $ */ /* $Id: platform.c,v 1.9 2010/11/05 02:00:05 dtucker Exp $ */
/* /*
* Copyright (c) 2006 Darren Tucker. All rights reserved. * Copyright (c) 2006 Darren Tucker. All rights reserved.
@ -21,6 +21,8 @@
#include "openbsd-compat/openbsd-compat.h" #include "openbsd-compat/openbsd-compat.h"
extern int use_privsep;
void void
platform_pre_listen(void) platform_pre_listen(void)
{ {
@ -79,6 +81,18 @@ platform_setusercontext(struct passwd *pw)
if (getuid() == 0 || geteuid() == 0) if (getuid() == 0 || geteuid() == 0)
setpgid(0, 0); setpgid(0, 0);
# endif # endif
#if defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
/*
* If we have both LOGIN_CAP and PAM, we want to establish creds
* before calling setusercontext (in session.c:do_setusercontext).
*/
if (getuid() == 0 || geteuid() == 0) {
if (options.use_pam) {
do_pam_setcred(use_privsep);
}
}
# endif /* USE_PAM */
} }
/* /*

View File

@ -1476,11 +1476,6 @@ do_setusercontext(struct passwd *pw)
#endif /* HAVE_CYGWIN */ #endif /* HAVE_CYGWIN */
{ {
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP
# ifdef USE_PAM
if (options.use_pam) {
do_pam_setcred(use_privsep);
}
# endif /* USE_PAM */
if (setusercontext(lc, pw, pw->pw_uid, if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
perror("unable to set user context"); perror("unable to set user context");