- (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and

do not set real uid, since that's needed for the chroot, and will be set by permanently_set_uid.
2010-03-07 13:21:12 +11:00 · 2010-03-07 13:21:12 +11:00 · c738e6c646
parent b3d20a3ff0
commit c738e6c646
2 changed files with 21 additions and 4 deletions
--- a/3
+++ b/3
@ -2,6 +2,9 @@
 - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that
   it gets the passwd struct from the LAM that knows about the user which is
   not necessarily the default.  Patch from Alexandre Letourneau.
+ - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and
+   do not set real uid, since that's needed for the chroot, and will be set
+   by permanently_set_uid.

 20100305
 - OpenBSD CVS Sync
--- a/session.c
+++ b/session.c
@ -1530,6 +1530,24 @@ do_setusercontext(struct passwd *pw)
 		}
 # endif /* USE_LIBIAF */
 #endif
+#ifdef HAVE_SETPCRED
+		/*
+		 * If we have a chroot directory, we set all creds except real
+		 * uid which we will need for chroot.  If we don't have a
+		 * chroot directory, we don't override anything.
+		 */
+		{
+			char **creds, *chroot_creds[] =
+			    { "REAL_USER=root", NULL };
+
+			if (options.chroot_directory != NULL &&
+			    strcasecmp(options.chroot_directory, "none") != 0)
+				creds = chroot_creds;
+
+			if (setpcred(pw->pw_name, creds) == -1)
+				fatal("Failed to set process credentials");
+		}
+#endif /* HAVE_SETPCRED */

 		if (options.chroot_directory != NULL &&
 		    strcasecmp(options.chroot_directory, "none") != 0) {
@ -1542,10 +1560,6 @@ do_setusercontext(struct passwd *pw)
 			free(chroot_path);
 		}

-#ifdef HAVE_SETPCRED
-		if (setpcred(pw->pw_name, (char **)NULL) == -1)
-			fatal("Failed to set process credentials");
-#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
 		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
 			perror("unable to set user context (setuser)");