1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
--- lib/sshsession/sshunixuser.c.orig Tue May 4 20:09:15 1999
+++ lib/sshsession/sshunixuser.c Fri Jun 18 16:18:08 1999
@@ -56,6 +56,10 @@
#define SSH_DEBUG_MODULE "SshUnixUser"
+#ifdef HAVE_LOGIN_CAP_H
+#include <login_cap.h>
+#endif /* HAVE_LOGIN_CAP_H */
+
extern char *crypt(const char *key, const char *salt);
/* Data type to hold machine-specific user data. */
@@ -776,6 +780,24 @@
/* Set uid, gid, and groups. */
if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
{
+#ifdef HAVE_LOGIN_CAP_H
+ struct passwd *pwd;
+
+ pwd = getpwnam(ssh_user_name(uc));
+ if (!pwd)
+ {
+ ssh_debug("ssh_user_become: getpwnam: %s", strerror(errno));
+ return FALSE;
+ }
+ if (setusercontext(NULL, pwd, ssh_user_uid(uc),
+ LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETPATH|LOGIN_SETENV)) != 0)
+ {
+ ssh_debug("ssh_user_become: setusercontext: %s", strerror(errno));
+ return FALSE;
+ }
+ endpwent();
+ endgrent();
+#else
if (setgid(ssh_user_gid(uc)) < 0)
{
SSH_DEBUG(2, ("ssh_user_become: setgid: %s", strerror(errno)));
@@ -830,6 +852,7 @@
return FALSE;
}
#endif /* HAVE_SIA */
+#endif /* HAVE_LOGIN_CAP_H */
}
/* We are now running with the user's privileges. */
|
