- (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not
using it since the type conflicts can cause problems on FreeBSD. Patch
from Jonathan Chen.
+ - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move
+ the setpcred call on AIX to immediately before the permanently_set_uid().
+ Ensures that we still have privileges when we call chroot and
+ pam_open_sesson. Based on a patch from David Leonard.
20090817
- (dtucker) [configure.ac] Check for headers before libraries for openssl an
# include <sys/timers.h>
#endif
+/* for setpcred and friends */
+#ifdef HAVE_USERSEC_H
+# include <usersec.h>
+#endif
+
/*
* According to the setauthdb man page, AIX password registries must be 15
* chars or less plus terminating NUL.
if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */
{
-
-#ifdef HAVE_SETPCRED
- if (setpcred(pw->pw_name, (char **)NULL) == -1)
- fatal("Failed to set process credentials");
-#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
# ifdef __bsdi__
setpgid(0, 0);
free(chroot_path);
}
+#ifdef HAVE_SETPCRED
+ if (setpcred(pw->pw_name, (char **)NULL) == -1)
+ fatal("Failed to set process credentials");
+#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
perror("unable to set user context (setuser)");