+Mon Jun 19 13:34:23 EDT 1995 Paul Park (pjpark@mit.edu)
+ * login.c - Change setluid call to check for luid and then set it if
+ it fails, also make this logic conditional under HAVE_SETLUID.
+ * configure.in - For OSF/1 systems where libsecurity is present, set
+ HAVE_SETLUID. We'll need to determine similar tests for other
+ extended security systems that we are to support in the future.
+
+
Thu Jun 15 17:32:20 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Change explicit library names to -l<lib> form, and
change target link line to use $(LD) and associated flags.
AC_CHECK_LIB(cfg,main,
LOGINLIBS="-lodm -ls -lcfg"
)))
+dnl
+dnl Make our operating system-specific security checks and definitions for
+dnl login.
+dnl
+case $krb5_cv_host in
+alpha-dec-osf*)
+ AC_CHECK_LIB(security,main,
+ AC_DEFINE(HAVE_SETLUID)
+ LOGINLIBS="$LOGINLIBS -lsecurity"
+ )
+ ;;
+esac
+dnl
AC_SUBST(LOGINLIBS)
dnl
AC_VFORK
syslog(LOG_ERR, "setlogin() failure %d",errno);
#endif
-#ifdef __SCO__
- /* this is necessary when C2 mode is enabled, but not otherwise */
- setluid((uid_t) pwd->pw_uid);
-#endif
+#ifdef HAVE_SETLUID
+ /*
+ * If we're on a system which keeps track of login uids, then
+ * attempt to set the login uid, but don't get too unhappy when/if
+ * it doesn't succeed.
+ */
+ if ((uid_t) getluid() < (uid_t) 0) {
+ setluid((uid_t) pwd->pw_uid);
+ }
+#endif /* HAVE_SETLUID */
/* This call MUST succeed */
#ifdef _IBMR2
setuidx(ID_LOGIN, pwd->pw_uid);
projects / krb5.git / commitdiff