Privsep and AIX..

Darren Tucker dtucker at zip.com.au
Tue Jun 25 20:08:27 EST 2002


Ben Lindstrom wrote:
> 
> Would anyone object if we dropped the TTY setting in usrinfo() move it up
> after the irix_*() call in do_setusercontext() and handle the case when
> someone whines?  Hopefully by then OSF group will have a patch that we can
> tap off of.
> 
> If not can one of you two pass me a patch to do it?

Yep, that works on my 4.2.1 box!

		-Daz.

$ ssh -l dtucker -p 3022 localhost
dtucker at localhost's password: 
$ uname -s 
AIX
$ ps -eaf | grep sshd | grep Priv
    root 12380 19194   0 19:56:55  pts/1  0:01 ./sshd -d -o UsePrivilegeSeparation -o Port
 dtucker 18768 12380   0 19:57:29  pts/1  0:00 ./sshd -d -o UsePrivilegeSeparation -o Port
-------------- next part --------------
Index: session.c
===================================================================
RCS file: /cvs/openssh/session.c,v
retrieving revision 1.204
diff -u -r1.204 session.c
--- session.c	23 Jun 2002 21:48:29 -0000	1.204
+++ session.c	25 Jun 2002 09:44:08 -0000
@@ -1152,6 +1152,8 @@
 void
 do_setusercontext(struct passwd *pw)
 {
+	char tty;
+
 #ifdef HAVE_CYGWIN
 	if (is_winnt) {
 #else /* HAVE_CYGWIN */
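Review bot: "char tty;" is declared at the top of do_setusercontext() for every platform, but its only use in this patch is inside the "# ifdef _AIX" block, so non-AIX builds get an unused variable. Wrap the declaration in the same _AIX guard, and give it an initial value, since it is passed by address without ever being assigned.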
@@ -1196,6 +1198,9 @@
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
 		irix_setusercontext(pw);
 #  endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
+# ifdef _AIX
+		aix_usrinfo(pw, &tty, -1);
+# endif /* _AIX */
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);
 #endif
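Review bot: "&tty" in the added aix_usrinfo() call is the address of a single uninitialised char, passed in the argument position where the other call site passes s->tty. If aix_usrinfo() treats that argument as a string, it reads an indeterminate byte and then continues past the one-byte object looking for a terminator. Pass an empty string (or a NULL that aix_usrinfo() is taught to skip) so the no-TTY case is explicit, and add a comment saying why the TTY is omitted at this point.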
@@ -1259,7 +1264,8 @@
 #else /* HAVE_OSF_SIA */
 		do_nologin(pw);
 # ifdef _AIX
-		aix_usrinfo(pw, s->tty, s->ttyfd);
+		if (geteuid() == 0) 
+			aix_usrinfo(pw, s->tty, s->ttyfd);
 # endif /* _AIX */
 		do_setusercontext(pw);
 #endif /* HAVE_OSF_SIA */
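Review bot: the new "if (geteuid() == 0)" test has no comment explaining why aix_usrinfo() is skipped for a non-root process, and the line carries trailing whitespace after the closing parenthesis. A one-line comment stating the case it guards against would help. Also, do_setusercontext(pw) follows immediately and this patch adds an aix_usrinfo(pw, &tty, -1) call there, so when both are reached as root the second call may replace the TTY set here; worth confirming that order is intended.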

