- (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and

do not set real uid, since that's needed for the chroot, and will be set
   by permanently_set_uid.

ChangeLog

@@ -2,6 +2,9 @@
  - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that
    it gets the passwd struct from the LAM that knows about the user which is
    not necessarily the default.  Patch from Alexandre Letourneau.
+ - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and
+   do not set real uid, since that's needed for the chroot, and will be set
+   by permanently_set_uid.
 
 20100305
  - OpenBSD CVS Sync

session.c

@@ -1530,6 +1530,24 @@ do_setusercontext(struct passwd *pw)
 		}
 # endif /* USE_LIBIAF */
 #endif
+#ifdef HAVE_SETPCRED
+		/*
+		 * If we have a chroot directory, we set all creds except real
+		 * uid which we will need for chroot.  If we don't have a
+		 * chroot directory, we don't override anything.
+		 */
+		{
+			char **creds, *chroot_creds[] =
+			    { "REAL_USER=root", NULL };
+
+			if (options.chroot_directory != NULL &&
+			    strcasecmp(options.chroot_directory, "none") != 0)
+				creds = chroot_creds;
+
+			if (setpcred(pw->pw_name, creds) == -1)
+				fatal("Failed to set process credentials");
+		}
+#endif /* HAVE_SETPCRED */
 
 		if (options.chroot_directory != NULL &&
 		    strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1542,10 +1560,6 @@ do_setusercontext(struct passwd *pw)
 			free(chroot_path);
 		}
 
-#ifdef HAVE_SETPCRED
-		if (setpcred(pw->pw_name, (char **)NULL) == -1)
-			fatal("Failed to set process credentials");
-#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
 		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
 			perror("unable to set user context (setuser)");