diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2010-11-05 12:41:13 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2010-11-05 12:41:13 +1100 |
| commit | 4db380701d15727e43600e41a567d36177e4226e (patch) | |
| tree | a8848d805cfb763a6bd998557a316511cdc2c18e /platform.c | |
| parent | 920612e45ae8183226e8841ff27cdc54a8287ba2 (diff) | |
| download | openssh-git-4db380701d15727e43600e41a567d36177e4226e.tar.gz | |
- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
platform.c
Diffstat (limited to 'platform.c')
| -rw-r--r-- | platform.c | 20 |
1 files changed, 19 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */ +/* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw) void platform_setusercontext_post_groups(struct passwd *pw) { +#ifdef HAVE_SETPCRED + /* + * If we have a chroot directory, we set all creds except real + * uid which we will need for chroot. If we don't have a + * chroot directory, we don't override anything. + */ + { + char **creds = NULL, *chroot_creds[] = + { "REAL_USER=root", NULL }; + + if (options.chroot_directory != NULL && + strcasecmp(options.chroot_directory, "none") != 0) + creds = chroot_creds; + + if (setpcred(pw->pw_name, creds) == -1) + fatal("Failed to set process credentials"); + } +#endif /* HAVE_SETPCRED */ #ifdef WITH_SELINUX ssh_selinux_setup_exec_context(pw->pw_name); #endif |