diff options
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | platform.c | 18 | ||||
-rw-r--r-- | platform.h | 3 | ||||
-rw-r--r-- | session.c | 5 |
4 files changed, 22 insertions, 6 deletions
@@ -40,6 +40,8 @@ platform.c. - (dtucker) [platform.c session.c] Move PAM credential establishment for the non-LOGIN_CAP case into platform.c. + - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case + check into platform.c 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.13 2010/11/05 02:32:53 dtucker Exp $ */ +/* $Id: platform.c,v 1.14 2010/11/05 03:47:01 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -17,6 +17,10 @@ */ #include "config.h" + +#include <sys/types.h> +#include <unistd.h> + #include "platform.h" #include "openbsd-compat/openbsd-compat.h" @@ -59,6 +63,18 @@ platform_post_fork_child(void) #endif } +/* return 1 if we are running with privilege to swap UIDs, 0 otherwise */ +int +platform_privileged_uidswap(void) +{ +#ifdef HAVE_CYGWIN + /* uid 0 is not special on Cygwin so always try */ + return 1; +#else + return (getuid() == 0 || geteuid() == 0); +#endif +} + /* * This gets called before switching UIDs, and is called even when sshd is * not running as root. @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.6 2010/11/05 01:36:15 dtucker Exp $ */ +/* $Id: platform.h,v 1.7 2010/11/05 03:47:01 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -24,6 +24,7 @@ void platform_pre_listen(void); void platform_pre_fork(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); +int platform_privileged_uidswap(void); void platform_setusercontext(struct passwd *); void platform_setusercontext_post_groups(struct passwd *); char *platform_get_krb5_client(const char *); @@ -1471,10 +1471,7 @@ do_setusercontext(struct passwd *pw) platform_setusercontext(pw); -#ifndef HAVE_CYGWIN - if (getuid() == 0 || geteuid() == 0) -#endif /* HAVE_CYGWIN */ - { + if (platform_privileged_uidswap()) { #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { |