--- src/support/suexec.c.orig Wed Mar 5 18:50:29 2003
+++ src/support/suexec.c Fri Jul 18 18:09:56 2003
@@ -90,6 +90,9 @@
#include <sys/types.h>
#include <stdarg.h>
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#endif
#include "suexec.h"
@@ -322,6 +325,9 @@
#ifdef LOG_EXEC
fprintf(stderr, " -D LOG_EXEC=\"%s\"\n", LOG_EXEC);
#endif
+#ifdef LOGIN_CAP
+ fprintf(stderr, " -D LOGIN_CAP\n");
+#endif
#ifdef SAFE_PATH
fprintf(stderr, " -D SAFE_PATH=\"%s\"\n", SAFE_PATH);
#endif
@@ -480,7 +486,28 @@
/*
* Change UID/GID here so that the following tests work over NFS.
- *
+ */
+
+#ifdef LOGIN_CAP
+ /*
+ * Set user context (resources, priority and grouplist).
+ * If unsuccessful, error out.
+ */
+ if (setusercontext(NULL, pw, uid, LOGIN_SETRESOURCES | LOGIN_SETPRIORITY |
+ LOGIN_SETGROUP | LOGIN_SETLOGIN) == -1) {
+ log_err("emerg: failed to set user context (%ld: %s)\n", uid, cmd);
+ exit(108);
+ }
+
+ /*
+ * Set gid to the target group. If unsuccessful, error out.
+ */
+ if ((setgid(gid)) != 0) {
+ log_err("emerg: failed to setgid (%ld: %s)\n", gid, cmd);
+ exit(109);
+ }
+#else /* !LOGIN_CAP */
+ /*
* Initialize the group access list for the target user,
* and setgid() to the target group. If unsuccessful, error out.
*/
@@ -488,6 +515,7 @@
log_err("emerg: failed to setgid (%ld: %s)\n", gid, cmd);
exit(109);
}
+#endif /* LOGIN_CAP */
/*
* setuid() to the target user. Error out on fail.
