diff options
author | Darren Tucker <dtucker@cvs.openbsd.org> | 2004-08-23 14:26:40 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2004-08-23 14:26:40 +0000 |
commit | 17cb1fbe6399cd5ac99f79899ba1dda706b35037 (patch) | |
tree | 8b02411d6e23f8495acdf962816437d88d4bd9fe | |
parent | e1419ce8a95888d0d9c7e6a42d394a1414de81c2 (diff) |
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
change in Portable; ok markus@
-rw-r--r-- | usr.bin/ssh/lib/Makefile | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keysign.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/sshd/Makefile | 4 |
4 files changed, 17 insertions, 14 deletions
diff --git a/usr.bin/ssh/lib/Makefile b/usr.bin/ssh/lib/Makefile index 0c23741b3db..7df228f2fc8 100644 --- a/usr.bin/ssh/lib/Makefile +++ b/usr.bin/ssh/lib/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.48 2004/06/13 15:03:02 djm Exp $ +# $OpenBSD: Makefile,v 1.49 2004/08/23 14:26:39 dtucker Exp $ .PATH: ${.CURDIR}/.. @@ -8,7 +8,7 @@ SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \ cleanup.c compat.c compress.c crc32.c deattack.c fatal.c \ hostfile.c log.c match.c nchan.c packet.c readpass.c \ rsa.c tildexpand.c ttymodes.c xmalloc.c atomicio.c \ - key.c dispatch.c kex.c mac.c uuencode.c misc.c \ + key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \ rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \ kexdhc.c kexgexc.c scard.c msg.c progressmeter.c dns.c \ monitor_fdpass.c diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c index 00bd046fdf6..204779344bb 100644 --- a/usr.bin/ssh/ssh-keysign.c +++ b/usr.bin/ssh/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.17 2004/08/23 14:26:38 dtucker Exp $"); #include <openssl/evp.h> #include <openssl/rand.h> @@ -41,6 +41,7 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); #include "canohost.h" #include "pathnames.h" #include "readconf.h" +#include "uidswap.h" /* XXX readconf.c needs these */ uid_t original_real_uid; @@ -148,8 +149,11 @@ main(int argc, char **argv) key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); - seteuid(getuid()); - setuid(getuid()); + if ((pw = getpwuid(getuid())) == NULL) + fatal("getpwuid failed"); + pw = pwcopy(pw); + + permanently_set_uid(pw); #ifdef DEBUG_SSH_KEYSIGN log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); @@ -167,10 +171,6 @@ main(int argc, char **argv) if (key_fd[0] == -1 && key_fd[1] == -1) fatal("could not open any host key"); - if ((pw = getpwuid(getuid())) == NULL) - fatal("getpwuid failed"); - pw = pwcopy(pw); - SSLeay_add_all_algorithms(); for (i = 0; i < 256; i++) rnd[i] = arc4random(); diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 16feada37e1..7c5625b49a1 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.225 2004/08/23 14:26:38 dtucker Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -71,6 +71,7 @@ RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $"); #include "match.h" #include "msg.h" #include "monitor_fdpass.h" +#include "uidswap.h" #ifdef SMARTCARD #include "scard.h" @@ -633,8 +634,10 @@ again: * user's home directory if it happens to be on a NFS volume where * root is mapped to nobody. */ - seteuid(original_real_uid); - setuid(original_real_uid); + if (original_effective_uid == 0) { + PRIV_START; + permanently_set_uid(pw); + } /* * Now that we are back to our own permissions, create ~/.ssh diff --git a/usr.bin/ssh/sshd/Makefile b/usr.bin/ssh/sshd/Makefile index bf721834534..cbdca8e39cd 100644 --- a/usr.bin/ssh/sshd/Makefile +++ b/usr.bin/ssh/sshd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.63 2004/06/13 15:03:02 djm Exp $ +# $OpenBSD: Makefile,v 1.64 2004/08/23 14:26:39 dtucker Exp $ .PATH: ${.CURDIR}/.. @@ -10,7 +10,7 @@ MAN= sshd.8 sshd_config.5 CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ - sshpty.c sshlogin.c servconf.c serverloop.c uidswap.c \ + sshpty.c sshlogin.c servconf.c serverloop.c \ auth.c auth1.c auth2.c auth-options.c session.c \ auth-chall.c auth2-chall.c groupaccess.c \ auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \ |