RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case 

check into platform.c
This commit is contained in:
Darren Tucker 2010-11-05 14:47:01 +11:00
parent cc12418e18
commit b12fe272a0
4 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -40,6 +40,8 @@
platform.c. platform.c.
- (dtucker) [platform.c session.c] Move PAM credential establishment for the - (dtucker) [platform.c session.c] Move PAM credential establishment for the
non-LOGIN_CAP case into platform.c. non-LOGIN_CAP case into platform.c.
- (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
check into platform.c
20101025 20101025
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with

18
platform.c
View File

@ -1,4 +1,4 @@
/* $Id: platform.c,v 1.13 2010/11/05 02:32:53 dtucker Exp $ */ /* $Id: platform.c,v 1.14 2010/11/05 03:47:01 dtucker Exp $ */
/* /*
* Copyright (c) 2006 Darren Tucker. All rights reserved. * Copyright (c) 2006 Darren Tucker. All rights reserved.
@ -17,6 +17,10 @@
*/ */
#include "config.h" #include "config.h"
#include <sys/types.h>
#include <unistd.h>
#include "platform.h" #include "platform.h"
#include "openbsd-compat/openbsd-compat.h" #include "openbsd-compat/openbsd-compat.h"
@ -59,6 +63,18 @@ platform_post_fork_child(void)
#endif #endif
} }
/* return 1 if we are running with privilege to swap UIDs, 0 otherwise */
int
platform_privileged_uidswap(void)
{
#ifdef HAVE_CYGWIN
/* uid 0 is not special on Cygwin so always try */
return 1;
#else
return (getuid() == 0 || geteuid() == 0);
#endif
}
/* /*
* This gets called before switching UIDs, and is called even when sshd is * This gets called before switching UIDs, and is called even when sshd is
* not running as root. * not running as root.

3
platform.h
View File

@ -1,4 +1,4 @@
/* $Id: platform.h,v 1.6 2010/11/05 01:36:15 dtucker Exp $ */ /* $Id: platform.h,v 1.7 2010/11/05 03:47:01 dtucker Exp $ */
/* /*
* Copyright (c) 2006 Darren Tucker. All rights reserved. * Copyright (c) 2006 Darren Tucker. All rights reserved.
@ -24,6 +24,7 @@ void platform_pre_listen(void);
void platform_pre_fork(void); void platform_pre_fork(void);
void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_parent(pid_t child_pid);
void platform_post_fork_child(void); void platform_post_fork_child(void);
int platform_privileged_uidswap(void);
void platform_setusercontext(struct passwd *); void platform_setusercontext(struct passwd *);
void platform_setusercontext_post_groups(struct passwd *); void platform_setusercontext_post_groups(struct passwd *);
char *platform_get_krb5_client(const char *); char *platform_get_krb5_client(const char *);

5
session.c
View File

@ -1471,10 +1471,7 @@ do_setusercontext(struct passwd *pw)
platform_setusercontext(pw); platform_setusercontext(pw);
#ifndef HAVE_CYGWIN if (platform_privileged_uidswap()) {
if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */
{
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid, if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {