platform.c (204917) | platform.c (221420) |
---|---|
1/* $Id: platform.c,v 1.3 2009/12/20 23:49:22 dtucker Exp $ */ | 1/* $Id: platform.c,v 1.18 2011/01/11 06:02:25 djm Exp $ */ |
2 3/* 4 * Copyright (c) 2006 Darren Tucker. All rights reserved. 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 | 2 3/* 4 * Copyright (c) 2006 Darren Tucker. All rights reserved. 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 |
19#include "config.h" | 19#include "includes.h" 20 21#include <sys/types.h> 22 23#include <stdarg.h> 24#include <unistd.h> 25 26#include "log.h" 27#include "buffer.h" 28#include "servconf.h" 29#include "key.h" 30#include "hostfile.h" 31#include "auth.h" 32#include "auth-pam.h" |
20#include "platform.h" 21 22#include "openbsd-compat/openbsd-compat.h" 23 | 33#include "platform.h" 34 35#include "openbsd-compat/openbsd-compat.h" 36 |
37extern int use_privsep; 38extern ServerOptions options; 39 |
|
24void 25platform_pre_listen(void) 26{ 27#ifdef LINUX_OOM_ADJUST 28 /* Adjust out-of-memory killer so listening process is not killed */ 29 oom_adjust_setup(); 30#endif 31} --- 20 unchanged lines hidden (view full) --- 52#ifdef USE_SOLARIS_PROCESS_CONTRACTS 53 solaris_contract_post_fork_child(); 54#endif 55#ifdef LINUX_OOM_ADJUST 56 oom_adjust_restore(); 57#endif 58} 59 | 40void 41platform_pre_listen(void) 42{ 43#ifdef LINUX_OOM_ADJUST 44 /* Adjust out-of-memory killer so listening process is not killed */ 45 oom_adjust_setup(); 46#endif 47} --- 20 unchanged lines hidden (view full) --- 68#ifdef USE_SOLARIS_PROCESS_CONTRACTS 69 solaris_contract_post_fork_child(); 70#endif 71#ifdef LINUX_OOM_ADJUST 72 oom_adjust_restore(); 73#endif 74} 75 |
76/* return 1 if we are running with privilege to swap UIDs, 0 otherwise */ 77int 78platform_privileged_uidswap(void) 79{ 80#ifdef HAVE_CYGWIN 81 /* uid 0 is not special on Cygwin so always try */ 82 return 1; 83#else 84 return (getuid() == 0 || geteuid() == 0); 85#endif 86} 87 88/* 89 * This gets called before switching UIDs, and is called even when sshd is 90 * not running as root. 91 */ 92void 93platform_setusercontext(struct passwd *pw) 94{ 95#ifdef WITH_SELINUX 96 /* Cache selinux status for later use */ 97 (void)ssh_selinux_enabled(); 98#endif 99 100#ifdef USE_SOLARIS_PROJECTS 101 /* if solaris projects were detected, set the default now */ 102 if (getuid() == 0 || geteuid() == 0) 103 solaris_set_default_project(pw); 104#endif 105 106#if defined(HAVE_LOGIN_CAP) && defined (__bsdi__) 107 if (getuid() == 0 || geteuid() == 0) 108 setpgid(0, 0); 109# endif 110 111#if defined(HAVE_LOGIN_CAP) && defined(USE_PAM) 112 /* 113 * If we have both LOGIN_CAP and PAM, we want to establish creds 114 * before calling setusercontext (in session.c:do_setusercontext). 115 */ 116 if (getuid() == 0 || geteuid() == 0) { 117 if (options.use_pam) { 118 do_pam_setcred(use_privsep); 119 } 120 } 121# endif /* USE_PAM */ 122 123#if !defined(HAVE_LOGIN_CAP) && defined(HAVE_GETLUID) && defined(HAVE_SETLUID) 124 if (getuid() == 0 || geteuid() == 0) { 125 /* Sets login uid for accounting */ 126 if (getluid() == -1 && setluid(pw->pw_uid) == -1) 127 error("setluid: %s", strerror(errno)); 128 } 129#endif 130} 131 132/* 133 * This gets called after we've established the user's groups, and is only 134 * called if sshd is running as root. 135 */ 136void 137platform_setusercontext_post_groups(struct passwd *pw) 138{ 139#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) 140 /* 141 * PAM credentials may take the form of supplementary groups. 142 * These will have been wiped by the above initgroups() call. 143 * Reestablish them here. 144 */ 145 if (options.use_pam) { 146 do_pam_setcred(use_privsep); 147 } 148#endif /* USE_PAM */ 149 150#if !defined(HAVE_LOGIN_CAP) && (defined(WITH_IRIX_PROJECT) || \ 151 defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)) 152 irix_setusercontext(pw); 153#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ 154 155#ifdef _AIX 156 aix_usrinfo(pw); 157#endif /* _AIX */ 158 159#if !defined(HAVE_LOGIN_CAP) && defined(USE_LIBIAF) 160 if (set_id(pw->pw_name) != 0) { 161 exit(1); 162 } 163# endif /* USE_LIBIAF */ 164 165#ifdef HAVE_SETPCRED 166 /* 167 * If we have a chroot directory, we set all creds except real 168 * uid which we will need for chroot. If we don't have a 169 * chroot directory, we don't override anything. 170 */ 171 { 172 char **creds = NULL, *chroot_creds[] = 173 { "REAL_USER=root", NULL }; 174 175 if (options.chroot_directory != NULL && 176 strcasecmp(options.chroot_directory, "none") != 0) 177 creds = chroot_creds; 178 179 if (setpcred(pw->pw_name, creds) == -1) 180 fatal("Failed to set process credentials"); 181 } 182#endif /* HAVE_SETPCRED */ 183#ifdef WITH_SELINUX 184 ssh_selinux_setup_exec_context(pw->pw_name); 185#endif 186} 187 |
|
60char * 61platform_krb5_get_principal_name(const char *pw_name) 62{ 63#ifdef USE_AIX_KRB_NAME 64 return aix_krb5_get_principal_name(pw_name); 65#else 66 return NULL; 67#endif 68} | 188char * 189platform_krb5_get_principal_name(const char *pw_name) 190{ 191#ifdef USE_AIX_KRB_NAME 192 return aix_krb5_get_principal_name(pw_name); 193#else 194 return NULL; 195#endif 196} |