1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
$NetBSD: patch-av,v 1.2 2005/09/21 18:07:09 reed Exp $
--- sshd.c.orig 2005-07-26 06:54:56.000000000 -0500
+++ sshd.c
@@ -574,10 +574,15 @@
/* XXX not ready, too heavy after chroot */
do_setusercontext(pw);
#else
+#ifdef HAVE_INTERIX
+ if (setuser(pw->pw_name, NULL, SU_COMPLETE))
+ fatal("setuser: %.100s", strerror(errno));
+#else
gidset[0] = pw->pw_gid;
if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno));
permanently_set_uid(pw);
+#endif /* HAVE_INTERIX */
#endif
}
@@ -617,7 +622,7 @@
close(pmonitor->m_sendfd);
/* Demote the child */
- if (getuid() == 0 || geteuid() == 0)
+ if (getuid() == ROOTUID || geteuid() == ROOTUID)
privsep_preauth_child();
setproctitle("%s", "[net]");
}
@@ -630,7 +635,7 @@
#ifdef DISABLE_FD_PASSING
if (1) {
#else
- if (authctxt->pw->pw_uid == 0 || options.use_login) {
+ if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
@@ -911,7 +916,7 @@
av = saved_argv;
#endif
- if (geteuid() == 0 && setgroups(0, NULL) == -1)
+ if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
/* Initialize configuration options to their default values. */
@@ -1168,7 +1173,7 @@
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
- if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+ if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
#endif
fatal("%s must be owned by root and not group or "
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
|
