- (stevesk) --with-privsep-user; default sshd

ChangeLog

@@ -7,6 +7,7 @@
    monitor_mm.c
  - (stevesk) remove configure support for poll.h; it was removed
    from sshd.c a long time ago.
+ - (stevesk) --with-privsep-user; default sshd
 
 20020406
  - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann 
@@ -8197,4 +8198,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.2037 2002/04/07 18:12:03 stevesk Exp $
+$Id: ChangeLog,v 1.2038 2002/04/07 19:22:55 stevesk Exp $

acconfig.h

@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.128 2002/04/07 16:18:04 stevesk Exp $ */
+/* $Id: acconfig.h,v 1.129 2002/04/07 19:22:54 stevesk Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -100,6 +100,9 @@
 /* Builtin PRNG command timeout */
 #undef ENTROPY_TIMEOUT_MSEC
 
+/* non-privileged user for privilege separation */
+#undef SSH_PRIVSEP_USER
+
 /* Define if you want to install preformatted manpages.*/
 #undef MANTYPE
 

configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.38 2002/04/07 18:12:04 stevesk Exp $
+# $Id: configure.ac,v 1.39 2002/04/07 19:22:54 stevesk Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -993,9 +993,19 @@ AC_ARG_WITH(entropy-timeout,
 		fi
 	]	
 )
-
 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
 
+ssh_privsep_user=sshd
+AC_ARG_WITH(privsep-user,
+	[  --with-privsep-user     Specify non-privileged user for privilege separation],
+	[
+		if test -n "$withval"; then
+			ssh_privsep_user=$withval
+		fi
+	]	
+)
+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, $ssh_privsep_user)
+
 # We do this little dance with the search path to insure
 # that programs that we select for use by installed programs
 # (which may be run by the super-user) come from trusted

ssh.h

@@ -104,7 +104,9 @@
  * sshd will change its pivileges to this user and its
  * primary group.
  */
+#ifndef SSH_PRIVSEP_USER
 #define SSH_PRIVSEP_USER		"nobody"
+#endif
 
 /* Minimum modulus size (n) for RSA keys. */
 #define SSH_RSA_MINIMUM_MODULUS_SIZE	768