1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
--- ./kdm/backend/client.c.orig Sun Mar 24 12:31:09 2002
+++ ./kdm/backend/client.c Thu Apr 18 20:53:44 2002
@@ -52,6 +52,12 @@
#ifdef K5AUTH
# include <krb5/krb5.h>
#endif
+#ifdef CSRG_BASED
+# ifdef HAS_SETUSERCONTEXT
+# include <login_cap.h>
+# define USE_LOGIN_CAP 1
+# endif
+#endif
#ifdef USE_PAM
# include <security/pam_appl.h>
#elif defined(AIXV3) /* USE_PAM */
@@ -71,13 +77,6 @@
# include <kafs.h>
# endif
# endif
-# ifdef CSRG_BASED
-# include <sys/param.h>
-# ifdef HAS_SETUSERCONTEXT
-# include <login_cap.h>
-# define USE_LOGIN_CAP 1
-# endif
-# endif
/* for nologin */
# include <sys/types.h>
# include <unistd.h>
@@ -867,12 +866,11 @@
char *msg;
char **theenv;
extern char **newenv; /* from libs.a, this is set up by setpenv */
-# else
-# ifdef HAS_SETUSERCONTEXT
- extern char **environ;
-# endif
# endif
#endif
+#ifdef HAS_SETUSERCONTEXT
+ extern char **environ;
+#endif
char *failsafeArgv[2];
struct verify_info *verify;
int i, pid;
@@ -1004,10 +1002,11 @@
#ifndef AIXV3
-# if !defined(HAS_SETUSERCONTEXT) || defined(USE_PAM)
+# ifndef HAS_SETUSERCONTEXT
if (!SetGid (name, verify->gid))
exit (1);
-# ifdef USE_PAM
+# endif
+# ifdef USE_PAM
pam_setcred(pamh, 0);
/* pass in environment variables set by libpam and modules it called */
pam_env = pam_getenvlist(pamh);
@@ -1015,7 +1014,8 @@
if (pam_env)
for(; *pam_env; pam_env++)
verify->userEnviron = putEnv(*pam_env, verify->userEnviron);
-# endif
+# endif
+# ifndef HAS_SETUSERCONTEXT
# if defined(BSD) && (BSD >= 199103)
if (setlogin(name) < 0)
{
@@ -1025,7 +1025,8 @@
# endif
if (!SetUid (name, verify->uid))
exit (1);
-# else /* HAS_SETUSERCONTEXT && !USE_PAM */
+# else /* HAS_SETUSERCONTEXT */
+
/*
* Destroy environment unless user has requested its preservation.
* We need to do this before setusercontext() because that may
|
