Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | #include "includes.h" | - |
18 | | - |
19 | #include <stdarg.h> | - |
20 | #include <unistd.h> | - |
21 | | - |
22 | #include "log.h" | - |
23 | #include "misc.h" | - |
24 | #include "servconf.h" | - |
25 | #include "sshkey.h" | - |
26 | #include "hostfile.h" | - |
27 | #include "auth.h" | - |
28 | #include "auth-pam.h" | - |
29 | #include "platform.h" | - |
30 | | - |
31 | #include "openbsd-compat/openbsd-compat.h" | - |
32 | | - |
33 | extern int use_privsep; | - |
34 | extern ServerOptions options; | - |
35 | | - |
36 | void | - |
37 | platform_pre_listen(void) | - |
38 | { | - |
39 | #ifdef LINUX_OOM_ADJUST | - |
40 | | - |
41 | oom_adjust_setup(); | - |
42 | #endif | - |
43 | } never executed: end of block | 0 |
44 | | - |
45 | void | - |
46 | platform_pre_fork(void) | - |
47 | { | - |
48 | #ifdef USE_SOLARIS_PROCESS_CONTRACTS | - |
49 | solaris_contract_pre_fork(); | - |
50 | #endif | - |
51 | } | - |
52 | | - |
53 | void | - |
54 | platform_pre_restart(void) | - |
55 | { | - |
56 | #ifdef LINUX_OOM_ADJUST | - |
57 | oom_adjust_restore(); | - |
58 | #endif | - |
59 | } never executed: end of block | 0 |
60 | | - |
61 | void | - |
62 | platform_post_fork_parent(pid_t child_pid) | - |
63 | { | - |
64 | #ifdef USE_SOLARIS_PROCESS_CONTRACTS | - |
65 | solaris_contract_post_fork_parent(child_pid); | - |
66 | #endif | - |
67 | } | - |
68 | | - |
69 | void | - |
70 | platform_post_fork_child(void) | - |
71 | { | - |
72 | #ifdef USE_SOLARIS_PROCESS_CONTRACTS | - |
73 | solaris_contract_post_fork_child(); | - |
74 | #endif | - |
75 | #ifdef LINUX_OOM_ADJUST | - |
76 | oom_adjust_restore(); | - |
77 | #endif | - |
78 | } never executed: end of block | 0 |
79 | | - |
80 | | - |
81 | int | - |
82 | platform_privileged_uidswap(void) | - |
83 | { | - |
84 | #ifdef HAVE_CYGWIN | - |
85 | | - |
86 | return 1; | - |
87 | #else | - |
88 | return (getuid() == 0 || geteuid() == 0); never executed: return (getuid() == 0 || geteuid() == 0); TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
89 | #endif | - |
90 | } | - |
91 | | - |
92 | | - |
93 | | - |
94 | | - |
95 | | - |
96 | void | - |
97 | platform_setusercontext(struct passwd *pw) | - |
98 | { | - |
99 | #ifdef WITH_SELINUX | - |
100 | | - |
101 | (void)ssh_selinux_enabled(); | - |
102 | #endif | - |
103 | | - |
104 | #ifdef USE_SOLARIS_PROJECTS | - |
105 | | - |
106 | | - |
107 | | - |
108 | | - |
109 | | - |
110 | if (!options.use_pam && (getuid() == 0 || geteuid() == 0)) | - |
111 | solaris_set_default_project(pw); | - |
112 | #endif | - |
113 | | - |
114 | #if defined(HAVE_LOGIN_CAP) && defined (__bsdi__) | - |
115 | if (getuid() == 0 || geteuid() == 0) | - |
116 | setpgid(0, 0); | - |
117 | # endif | - |
118 | | - |
119 | #if defined(HAVE_LOGIN_CAP) && defined(USE_PAM) | - |
120 | | - |
121 | | - |
122 | | - |
123 | | - |
124 | if (getuid() == 0 || geteuid() == 0) { | - |
125 | if (options.use_pam) { | - |
126 | do_pam_setcred(use_privsep); | - |
127 | } | - |
128 | } | - |
129 | # endif /* USE_PAM */ | - |
130 | | - |
131 | #if !defined(HAVE_LOGIN_CAP) && defined(HAVE_GETLUID) && defined(HAVE_SETLUID) | - |
132 | if (getuid() == 0 || geteuid() == 0) { | - |
133 | | - |
134 | if (getluid() == -1 && setluid(pw->pw_uid) == -1) | - |
135 | error("setluid: %s", strerror(errno)); | - |
136 | } | - |
137 | #endif | - |
138 | } | - |
139 | | - |
140 | | - |
141 | | - |
142 | | - |
143 | | - |
144 | void | - |
145 | platform_setusercontext_post_groups(struct passwd *pw) | - |
146 | { | - |
147 | #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) | - |
148 | | - |
149 | | - |
150 | | - |
151 | | - |
152 | | - |
153 | if (options.use_pam) { | - |
154 | do_pam_setcred(use_privsep); | - |
155 | } | - |
156 | #endif /* USE_PAM */ | - |
157 | | - |
158 | #if !defined(HAVE_LOGIN_CAP) && (defined(WITH_IRIX_PROJECT) || \ | - |
159 | defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)) | - |
160 | irix_setusercontext(pw); | - |
161 | #endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ | - |
162 | | - |
163 | #ifdef _AIX | - |
164 | aix_usrinfo(pw); | - |
165 | #endif /* _AIX */ | - |
166 | | - |
167 | #ifdef HAVE_SETPCRED | - |
168 | | - |
169 | | - |
170 | | - |
171 | | - |
172 | | - |
173 | { | - |
174 | char **creds = NULL, *chroot_creds[] = | - |
175 | { "REAL_USER=root", NULL }; | - |
176 | | - |
177 | if (options.chroot_directory != NULL && | - |
178 | strcasecmp(options.chroot_directory, "none") != 0) | - |
179 | creds = chroot_creds; | - |
180 | | - |
181 | if (setpcred(pw->pw_name, creds) == -1) | - |
182 | fatal("Failed to set process credentials"); | - |
183 | } | - |
184 | #endif /* HAVE_SETPCRED */ | - |
185 | #ifdef WITH_SELINUX | - |
186 | ssh_selinux_setup_exec_context(pw->pw_name); | - |
187 | #endif | - |
188 | } | - |
189 | | - |
190 | char * | - |
191 | platform_krb5_get_principal_name(const char *pw_name) | - |
192 | { | - |
193 | #ifdef USE_AIX_KRB_NAME | - |
194 | return aix_krb5_get_principal_name(pw_name); | - |
195 | #else | - |
196 | return NULL; never executed: return ((void *)0) ; | 0 |
197 | #endif | - |
198 | } | - |
| | |