Attachment 1807 Details for Bug 1567 – Updated AIX setpcred/chroot patch

[patch] Updated AIX setpcred/chroot patch

openssh-aix-sftp-chroot.patch (text/plain), 1.38 KB, created by Darren Tucker on 2010-03-07 12:54:37 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Darren Tucker

Created: 2010-03-07 12:54:37 AEDT

Size: 1.38 KB

patch

obsolete

>Index: session.c
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/session.c,v
>retrieving revision 1.390
>diff -u -p -r1.390 session.c
>--- session.c	12 Jan 2010 08:51:48 -0000	1.390
>+++ session.c	7 Mar 2010 01:46:50 -0000
>@@ -1530,6 +1530,24 @@ do_setusercontext(struct passwd *pw)
> 		}
> # endif /* USE_LIBIAF */
> #endif
>+#ifdef HAVE_SETPCRED
>+		/*
>+		 * If we have a chroot directory, we set all creds except real
>+		 * uid which we will need for chroot.  If we don't have a
>+		 * chroot directory, we don't override anything.
>+		 */
>+		{
>+			char **creds, *chroot_creds[] =
>+			    { "REAL_USER=root", NULL };
>+
>+			if (options.chroot_directory != NULL &&
>+			    strcasecmp(options.chroot_directory, "none") != 0)
>+				creds = chroot_creds;
>+
>+			if (setpcred(pw->pw_name, creds) == -1)
>+				fatal("Failed to set process credentials");
>+		}
>+#endif /* HAVE_SETPCRED */
> 
> 		if (options.chroot_directory != NULL &&
> 		    strcasecmp(options.chroot_directory, "none") != 0) {
>@@ -1542,10 +1560,6 @@ do_setusercontext(struct passwd *pw)
> 			free(chroot_path);
> 		}
> 
>-#ifdef HAVE_SETPCRED
>-		if (setpcred(pw->pw_name, (char **)NULL) == -1)
>-			fatal("Failed to set process credentials");
>-#endif /* HAVE_SETPCRED */
> #ifdef HAVE_LOGIN_CAP
> 		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
> 			perror("unable to set user context (setuser)");

Actions: View | Diff

Attachments on bug 1567: 1661 | 1662 | 1669 | 1728 | 1729 | 1807