From: Darren Tucker Date: Fri, 5 Nov 2010 01:41:13 +0000 (+1100) Subject: - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into X-Git-Tag: V_5_7_P1~108 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4db380701d15727e43600e41a567d36177e4226e;p=thirdparty%2Fopenssh-portable.git - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into platform.c --- diff --git a/ChangeLog b/ChangeLog index d1a0cd0fd..cf6e00f6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,8 @@ ok djm@ - (dtucker) [platform.c platform.h session.c] Add a platform hook to run after the user's groups are established and move the selinux calls into it. + - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into + platform.c 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index 730e7b718..1604f8b59 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */ +/* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw) void platform_setusercontext_post_groups(struct passwd *pw) { +#ifdef HAVE_SETPCRED + /* + * If we have a chroot directory, we set all creds except real + * uid which we will need for chroot. If we don't have a + * chroot directory, we don't override anything. + */ + { + char **creds = NULL, *chroot_creds[] = + { "REAL_USER=root", NULL }; + + if (options.chroot_directory != NULL && + strcasecmp(options.chroot_directory, "none") != 0) + creds = chroot_creds; + + if (setpcred(pw->pw_name, creds) == -1) + fatal("Failed to set process credentials"); + } +#endif /* HAVE_SETPCRED */ #ifdef WITH_SELINUX ssh_selinux_setup_exec_context(pw->pw_name); #endif diff --git a/session.c b/session.c index 7994dd60b..78e7c5f50 100644 --- a/session.c +++ b/session.c 
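Review bot: The HAVE_SETPCRED block added to platform_setusercontext_post_groups() in platform.c reads `options.chroot_directory`, but neither platform.c hunk in this commit adds a declaration for `options`. Unless the file already has them, this path needs `#include "servconf.h"` and `extern ServerOptions options;`, and because only AIX builds compile it, a missing declaration would not show up on other platforms. The moved comment says the real uid is kept as root for the later chroot, but not that the hook returns with that privilege still held. I would add `/* NB: in the chroot case the real uid is still root on return; the caller is expected to chroot and then drop it permanently. */`, after confirming that against do_setusercontext(), which is only partly visible here. Reporting the cause, `fatal("Failed to set process credentials: %s", strerror(errno));`, would make a failure of this privilege-changing step easier to diagnose, assuming setpcred() sets errno; the function's closing brace lies outside the hunk.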
@@ -1530,24 +1530,6 @@ do_setusercontext(struct passwd *pw) } # endif /* USE_LIBIAF */ #endif -#ifdef HAVE_SETPCRED - /* - * If we have a chroot directory, we set all creds except real - * uid which we will need for chroot. If we don't have a - * chroot directory, we don't override anything. - */ - { - char **creds = NULL, *chroot_creds[] = - { "REAL_USER=root", NULL }; - - if (options.chroot_directory != NULL && - strcasecmp(options.chroot_directory, "none") != 0) - creds = chroot_creds; - - if (setpcred(pw->pw_name, creds) == -1) - fatal("Failed to set process credentials"); - } -#endif /* HAVE_SETPCRED */ platform_setusercontext_post_groups(pw);