$NetBSD: patch-av,v 1.3 2005/11/07 19:50:20 tv Exp $
--- sshd.c.orig 2005-07-26 07:54:56.000000000 -0400
+++ sshd.c
@@ -574,10 +574,15 @@ privsep_preauth_child(void)
/* XXX not ready, too heavy after chroot */
do_setusercontext(pw);
#else
+#ifdef HAVE_INTERIX
+ if (setuser(pw->pw_name, NULL, SU_COMPLETE))
+ fatal("setuser: %.100s", strerror(errno));
+#else
gidset[0] = pw->pw_gid;
if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno));
permanently_set_uid(pw);
+#endif /* HAVE_INTERIX */
#endif
}
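Review bot: The Interix branch in privsep_preauth_child() accepts a zero return from `setuser(pw->pw_name, NULL, SU_COMPLETE)` as proof that the privilege drop worked, and nothing afterwards confirms the process is running as the privsep user. The non-Interix branch goes through `permanently_set_uid(pw)`, which presumably does that verification (its body is not in this hunk), so the two paths are not equally defensive. I would add a check right after the call, for example `if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)` followed by `fatal("setuser: failed to drop privileges");`. The function begins before this hunk, so how `pw` is looked up is not visible here.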
@@ -617,7 +622,7 @@ privsep_preauth(Authctxt *authctxt)
close(pmonitor->m_sendfd);
/* Demote the child */
- if (getuid() == 0 || geteuid() == 0)
+ if (getuid() == ROOTUID || geteuid() == ROOTUID)
privsep_preauth_child();
setproctitle("%s", "[net]");
}
@@ -630,7 +635,7 @@ privsep_postauth(Authctxt *authctxt)
#ifdef DISABLE_FD_PASSING
if (1) {
#else
- if (authctxt->pw->pw_uid == 0 || options.use_login) {
+ if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
@@ -911,8 +916,10 @@ main(int ac, char **av)
av = saved_argv;
#endif
- if (geteuid() == 0 && setgroups(0, NULL) == -1)
+#ifndef HAVE_INTERIX
+ if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
+#endif
/* Initialize configuration options to their default values. */
initialize_server_options(&options);
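Review bot: Wrapping `setgroups(0, NULL)` in `#ifndef HAVE_INTERIX` here, and again in the hunk at -1185, means sshd on Interix keeps whatever supplementary groups it inherited at startup, and the patch does not say why that is acceptable. The surviving comment above the second call refers to modules whose code sshd cannot control, so the guard silently removes the protection that call exists for. If the reason is that Interix has no setgroups() and the group list is replaced later by `setuser(..., SU_COMPLETE)`, that belongs in a comment at both sites, such as `/* Interix: no setgroups(); groups are reset by setuser(SU_COMPLETE) at privilege drop */`, once it has been confirmed. If that is not the case, the daemon should at least log at startup that it could not clear its groups.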
@@ -1168,7 +1175,7 @@ main(int ac, char **av)
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
- if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+ if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
#endif
fatal("%s must be owned by root and not group or "
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
@@ -1185,8 +1192,10 @@ main(int ac, char **av)
* to create a file, and we can't control the code in every
* module which might be used).
*/
+#ifndef HAVE_INTERIX
if (setgroups(0, NULL) < 0)
debug("setgroups() failed: %.200s", strerror(errno));
+#endif
if (rexec_flag) {
rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2));