the setpcred call on AIX to immediately before the permanently_set_uid(). Ensures that we still have privileges when we call chroot and pam_open_session. Based on a patch from David Leonard.
parent
2a5588daeb
commit
82edf23fff
|
@ -2,6 +2,10 @@
|
|||
- (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not
|
||||
using it since the type conflicts can cause problems on FreeBSD. Patch
|
||||
from Jonathan Chen.
|
||||
- (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move
|
||||
the setpcred call on AIX to immediately before the permanently_set_uid().
|
||||
Ensures that we still have privileges when we call chroot and
|
||||
pam_open_sesson. Based on a patch from David Leonard.
|
||||
|
||||
20090817
|
||||
- (dtucker) [configure.ac] Check for headers before libraries for openssl an
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: port-aix.h,v 1.30 2009/08/16 23:40:00 dtucker Exp $ */
|
||||
/* $Id: port-aix.h,v 1.31 2009/08/20 06:20:50 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
|
@ -71,6 +71,11 @@ int passwdexpired(char *, char **);
|
|||
# include <sys/timers.h>
|
||||
#endif
|
||||
|
||||
/* for setpcred and friends */
|
||||
#ifdef HAVE_USERSEC_H
|
||||
# include <usersec.h>
|
||||
#endif
|
||||
|
||||
/*
|
||||
* According to the setauthdb man page, AIX password registries must be 15
|
||||
* chars or less plus terminating NUL.
|
||||
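Review bot: The new `# include <usersec.h>` is guarded by `HAVE_USERSEC_H`, while the call in session.c is guarded by `HAVE_SETPCRED`, and no configure.ac change is visible in this commit. If configure does not already probe for usersec.h, the include is never taken and `setpcred()` is called without a prototype in scope. It is worth confirming that the header check exists, so that the two guards are defined together on AIX.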
|
|
|
@ -1466,11 +1466,6 @@ do_setusercontext(struct passwd *pw)
|
|||
if (getuid() == 0 || geteuid() == 0)
|
||||
#endif /* HAVE_CYGWIN */
|
||||
{
|
||||
|
||||
#ifdef HAVE_SETPCRED
|
||||
if (setpcred(pw->pw_name, (char **)NULL) == -1)
|
||||
fatal("Failed to set process credentials");
|
||||
#endif /* HAVE_SETPCRED */
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
# ifdef __bsdi__
|
||||
setpgid(0, 0);
|
||||
|
@ -1538,6 +1533,10 @@ do_setusercontext(struct passwd *pw)
|
|||
free(chroot_path);
|
||||
}
|
||||
|
||||
#ifdef HAVE_SETPCRED
|
||||
if (setpcred(pw->pw_name, (char **)NULL) == -1)
|
||||
fatal("Failed to set process credentials");
|
||||
#endif /* HAVE_SETPCRED */
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
|
||||
perror("unable to set user context (setuser)");
|
||||
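Review bot: In the second session.c hunk the `setpcred(pw->pw_name, (char **)NULL)` call now sits after the chroot block (`free(chroot_path); }`), so when a chroot directory is in effect it runs inside the new root. If setpcred has to consult the AIX user database to build the credentials, that lookup may fail there and end in `fatal()`, so this path should be tested on AIX with a chroot configured. The placement is security-relevant and nothing in the code records it; I would add above the `#ifdef HAVE_SETPCRED` a comment like `/* AIX: setpcred gives up privileges; keep it after chroot and PAM session setup and immediately before permanently_set_uid() */`. do_setusercontext starts and ends outside both hunks, so the permanently_set_uid() call itself is not visible here.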
|
|