- (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and

   do not set real uid, since that's needed for the chroot, and will be set
   by permanently_set_uid.

2 files changed, 21 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 63beb948..e9cb557d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,9 @@
  - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that
    it gets the passwd struct from the LAM that knows about the user which is
    not necessarily the default.  Patch from Alexandre Letourneau.
+ - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and
+   do not set real uid, since that's needed for the chroot, and will be set
+   by permanently_set_uid.
 
 20100305
  - OpenBSD CVS Sync
diff --git a/session.c b/session.c
index fd7acbe0..8f978faa 100644
--- a/session.c
+++ b/session.c
@@ -1530,6 +1530,24 @@ do_setusercontext(struct passwd *pw)
 		}
 # endif /* USE_LIBIAF */
 #endif
+#ifdef HAVE_SETPCRED
+		/*
+		 * If we have a chroot directory, we set all creds except real
+		 * uid which we will need for chroot.  If we don't have a
+		 * chroot directory, we don't override anything.
+		 */
+		{
+			char **creds, *chroot_creds[] =
+			    { "REAL_USER=root", NULL };
+
+			if (options.chroot_directory != NULL &&
+			    strcasecmp(options.chroot_directory, "none") != 0)
+				creds = chroot_creds;
+
+			if (setpcred(pw->pw_name, creds) == -1)
+				fatal("Failed to set process credentials");
+		}
+#endif /* HAVE_SETPCRED */
 
 		if (options.chroot_directory != NULL &&
 		    strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1542,10 +1560,6 @@ do_setusercontext(struct passwd *pw)
 			free(chroot_path);
 		}
 
-#ifdef HAVE_SETPCRED
-		if (setpcred(pw->pw_name, (char **)NULL) == -1)
-			fatal("Failed to set process credentials");
-#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
 		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
 			perror("unable to set user context (setuser)");