- (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced

   with sftp chroot support. Move set_id call after chroot.

3 files changed, 8 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index 9ebe5a63..5c26fa9f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,8 @@
    -ftrapv (it seems to work but fails when trying to link ssh).  ok djm@
  - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time
    tests in the configure output.  ok djm.
+ - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced
+   with sftp chroot support. Move set_id call after chroot.
 
 20140120
  - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
diff --git a/platform.c b/platform.c
index 6d896c22..30fc6090 100644
--- a/platform.c
+++ b/platform.c
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.20 2013/09/22 09:02:40 dtucker Exp $ */
+/* $Id: platform.c,v 1.21 2014/01/21 01:59:29 tim Exp $ */
 
 /*
  * Copyright (c) 2006 Darren Tucker.  All rights reserved.
@@ -164,12 +164,6 @@ platform_setusercontext_post_groups(struct passwd *pw)
 	aix_usrinfo(pw);
 #endif /* _AIX */
 
-#if !defined(HAVE_LOGIN_CAP) && defined(USE_LIBIAF)
-	if (set_id(pw->pw_name) != 0) {
-		exit(1);
-	}
-# endif /* USE_LIBIAF */
-
 #ifdef HAVE_SETPCRED
 	/*
 	 * If we have a chroot directory, we set all creds except real
diff --git a/session.c b/session.c
index 924c11bc..6be16ca8 100644
--- a/session.c
+++ b/session.c
@@ -1552,6 +1552,11 @@ do_setusercontext(struct passwd *pw)
 		 */
 		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
+# ifdef USE_LIBIAF
+	if (set_id(pw->pw_name) != 0) {
+		exit(1);
+	}
+# endif /* USE_LIBIAF */
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);
 #endif