+}
+
+
+/*
+ * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk
+ * can have pal privileges that sshd can inherit which
+ * could allow a user to su to root with out a password.
+ * This subroutine clears all privileges.
+ */
+void
+drop_cray_privs()
+{
+#if defined(_SC_CRAY_PRIV_SU)
+ priv_proc_t* privstate;
+ int result;
+ extern int priv_set_proc();
+ extern priv_proc_t* priv_init_proc();
+ struct usrv usrv;
+
+ /*
+ * If ether of theses two flags are not set
+ * then don't allow this version of ssh to run.
+ */
+ if (!sysconf(_SC_CRAY_PRIV_SU)) fatal("Not PRIV_SU system.");
+ if (!sysconf(_SC_CRAY_POSIX_PRIV)) fatal("Not POSIX_PRIV.");
+
+ debug ("Dropping privileges.");
+
+ memset(&usrv, 0, sizeof(usrv));
+ if (setusrv(&usrv) < 0)
+ fatal ("%s(%d): setusrv(): %s\n", __FILE__, __LINE__, strerror(errno));
+
+ if ((privstate = priv_init_proc()) != NULL) {
+ result = priv_set_proc(privstate);
+ if ( result != 0 ) fatal ("%s(%d): priv_set_proc(): %s\n",
+ __FILE__, __LINE__, strerror(errno));
+ priv_free_proc(privstate);
+ }
+ debug ("Privileges should be cleared...");
+#else
+Cray systems must be run with _SC_CRAY_PRIV_SU on!
+#endif