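/*
 * OSF/1 (Tru64) C2 security hook.
 *
 * Looks up the enhanced (protected) password entry for `uid`, refuses the
 * login when the entry is missing or carries no C2 uid, and sets the login
 * UID (LUID) used for C2 accounting, verifying with getluid() that it stuck.
 *
 * Returns 0 when the login may proceed (always, when HAVE_OSFC2 is not
 * defined: the function is then a no-op) and 1 when it must be refused.
 * Callers must treat any nonzero return as a denial. On refusal the reason
 * is logged to LOG_AUTHPRIV and "Sorry." is written to stdout.
 *
 * NOTE(review): this deliberately does NOT check retired, time-locked or any
 * other C2 account-state flags; only the presence of a C2 uid and a
 * successful setluid() are verified.
 */
int
do_osfc2_magic(uid_t uid)
{
#ifdef HAVE_OSFC2
	struct es_passwd *epw;
	char *argv[2];

	/* set_auth_parameters() wants an argv; hand it a minimal fake one. */
	argv[0] = (char *)getprogname();
	argv[1] = NULL;
	set_auth_parameters(1, argv);

	epw = getespwuid(uid);
	if (epw == NULL) {
		/*
		 * uid_t width and signedness vary by platform; widen to
		 * unsigned long so the conversion matches the argument.
		 */
		syslog(LOG_AUTHPRIV|LOG_NOTICE, "getespwuid failed for %lu",
		    (unsigned long)uid);
		printf("Sorry.\n");
		return 1;
	}

	/* An entry without a C2 uid cannot be given a LUID; refuse it. */
	if (!epw->uflg->fg_uid) {
		syslog(LOG_AUTHPRIV|LOG_NOTICE,
		    "attempted login by %s (has no uid)", epw->ufld->fd_name);
		printf("Sorry.\n");
		return 1;
	}

	/*
	 * Set the LUID and read it back: setluid() failing silently would
	 * leave C2 accounting without a login identity for this session.
	 */
	setluid(epw->ufld->fd_uid);
	if (getluid() != epw->ufld->fd_uid) {
		syslog(LOG_AUTHPRIV|LOG_NOTICE,
		    "failed to set LUID for %s (%lu)", epw->ufld->fd_name,
		    (unsigned long)epw->ufld->fd_uid);
		printf("Sorry.\n");
		return 1;
	}
#endif /* HAVE_OSFC2 */
	return 0;
}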
/*
 * Nonzero when this process holds root privilege (real or effective uid 0).
 * The platform steps below are only meaningful, or only permitted, when
 * running privileged, so each one re-checks before acting.
 */
static inline int
platform_has_root_privs(void)
{
	return getuid() == 0 || geteuid() == 0;
}

/*
 * Per-platform preparation performed before sshd switches to the user's
 * uid. This is invoked even when sshd is not running as root, which is why
 * every privileged step is guarded by platform_has_root_privs().
 *
 * pw is the target user's passwd entry; only the Solaris projects and LUID
 * steps dereference it.
 */
void
platform_setusercontext(struct passwd *pw)
{
#ifdef WITH_SELINUX
	/* Query SELinux once now so later checks can reuse the cached answer. */
	(void)ssh_selinux_enabled();
#endif

#ifdef USE_SOLARIS_PROJECTS
	/* Solaris projects were detected at configure time: apply the default. */
	if (platform_has_root_privs())
		solaris_set_default_project(pw);
#endif

#if defined(HAVE_LOGIN_CAP) && defined (__bsdi__)
	if (platform_has_root_privs())
		setpgid(0, 0);
# endif

#if defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
	/*
	 * With both LOGIN_CAP and PAM, PAM credentials must be established
	 * before session.c:do_setusercontext() calls setusercontext().
	 */
	if (platform_has_root_privs() && options.use_pam)
		do_pam_setcred(use_privsep);
# endif /* USE_PAM */

#if !defined(HAVE_LOGIN_CAP) && defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
	/* Set the login uid for accounting, but only if none is set yet. */
	if (platform_has_root_privs() && getluid() == -1 &&
	    setluid(pw->pw_uid) == -1)
		error("setluid: %s", strerror(errno));
#endif
}