From 9464ba6fb34bb42eb3501ec3c5143662e75674bf Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 20 Jan 2014 17:59:28 -0800 Subject: - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced with sftp chroot support. Move set_id call after chroot. --- ChangeLog | 2 ++ platform.c | 8 +------- session.c | 5 +++++ 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9ebe5a63..5c26fa9f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ -ftrapv (it seems to work but fails when trying to link ssh). ok djm@ - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time tests in the configure output. ok djm. + - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced + with sftp chroot support. Move set_id call after chroot. 20140120 - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos diff --git a/platform.c b/platform.c index 6d896c22..30fc6090 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.20 2013/09/22 09:02:40 dtucker Exp $ */ +/* $Id: platform.c,v 1.21 2014/01/21 01:59:29 tim Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -164,12 +164,6 @@ platform_setusercontext_post_groups(struct passwd *pw) aix_usrinfo(pw); #endif /* _AIX */ -#if !defined(HAVE_LOGIN_CAP) && defined(USE_LIBIAF) - if (set_id(pw->pw_name) != 0) { - exit(1); - } -# endif /* USE_LIBIAF */ - #ifdef HAVE_SETPCRED /* * If we have a chroot directory, we set all creds except real diff --git a/session.c b/session.c index 924c11bc..6be16ca8 100644 --- a/session.c +++ b/session.c @@ -1552,6 +1552,11 @@ do_setusercontext(struct passwd *pw) */ (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); #else +# ifdef USE_LIBIAF + if (set_id(pw->pw_name) != 0) { + exit(1); + } +# endif /* USE_LIBIAF */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif -- cgit v1.2.3