- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can

be used to drop privilege to; fixes Solaris GSSAPI crash reported by Magnus Abrante; suggestion and feedback dtucker@ NB. this change will require that the privilege separation user must exist on all the time, not just when UsePrivilegeSeparation=yes
author: Damien Miller <djm@mindrot.org> 2006-09-07 10:36:43 +1000
committer: Damien Miller <djm@mindrot.org> 2006-09-07 10:36:43 +1000
commit: 6433df036e6cf37c5ac8fc69dcedc464e6424b16 (patch)
tree: 6524438f390452a9020cc76e253801c4c3ec8b02 /auth.c
parent: 6e1033318cc0bc82a45a18d97894bee7bd60e935 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/auth.c b/auth.c
index 5da140b0..db2aa7bf 100644
--- a/auth.c
+++ b/auth.c
@@ -73,6 +73,7 @@
 extern ServerOptions options;
 extern int use_privsep;
 extern Buffer loginmsg;
+extern struct passwd *privsep_pw;
 
 /* Debugging messages */
 Buffer auth_debug;
@@ -570,6 +571,8 @@ fakepw(void)
 	fake.pw_gecos = "NOUSER";
 	fake.pw_uid = (uid_t)-1;
 	fake.pw_gid = (gid_t)-1;
+	fake.pw_uid = privsep_pw->pw_uid;
+	fake.pw_gid = privsep_pw->pw_gid;
 #ifdef HAVE_PW_CLASS_IN_PASSWD
 	fake.pw_class = "";
 #endif
author	Damien Miller <djm@mindrot.org>	2006-09-07 10:36:43 +1000
committer	Damien Miller <djm@mindrot.org>	2006-09-07 10:36:43 +1000
commit	6433df036e6cf37c5ac8fc69dcedc464e6424b16 (patch)
tree	6524438f390452a9020cc76e253801c4c3ec8b02 /auth.c
parent	6e1033318cc0bc82a45a18d97894bee7bd60e935 (diff)