diff options
| author | Tim Rice <tim@multitalents.net> | 2014-06-19 01:17:28 +0200 |
|---|---|---|
| committer | Tim Rice <tim@multitalents.net> | 2014-06-19 01:17:28 +0200 |
| commit | a261b8df59117f7dc52abb3a34b35a40c2c9fa88 (patch) | |
| tree | 9b21dbe7e8c2bc51c1fe93f5dfe3264b294fa667 /session.c | |
| parent | - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} (diff) | |
| download | openssh-a261b8df59117f7dc52abb3a34b35a40c2c9fa88.tar.xz openssh-a261b8df59117f7dc52abb3a34b35a40c2c9fa88.zip | |
- (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 15 |
1 files changed, 14 insertions, 1 deletions
@@ -1505,6 +1505,9 @@ void do_setusercontext(struct passwd *pw) { char *chroot_path, *tmp; +#ifdef USE_LIBIAF + int doing_chroot = 0; +#endif platform_setusercontext(pw); @@ -1544,6 +1547,9 @@ do_setusercontext(struct passwd *pw) /* Make sure we don't attempt to chroot again */ free(options.chroot_directory); options.chroot_directory = NULL; +#ifdef USE_LIBIAF + doing_chroot = 1; +#endif } #ifdef HAVE_LOGIN_CAP @@ -1558,7 +1564,14 @@ do_setusercontext(struct passwd *pw) (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); #else # ifdef USE_LIBIAF - if (set_id(pw->pw_name) != 0) { +/* In a chroot environment, the set_id() will always fail; typically + * because of the lack of necessary authentication services and runtime + * such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd + * We skip it in the internal sftp chroot case. + * We'll lose auditing and ACLs but permanently_set_uid will + * take care of the rest. + */ + if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) { fatal("set_id(%s) Failed", pw->pw_name); } # endif /* USE_LIBIAF */ |