summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@cvs.openbsd.org>2004-08-23 14:26:40 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2004-08-23 14:26:40 +0000
commit17cb1fbe6399cd5ac99f79899ba1dda706b35037 (patch)
tree8b02411d6e23f8495acdf962816437d88d4bd9fe
parente1419ce8a95888d0d9c7e6a42d394a1414de81c2 (diff)
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
change in Portable; ok markus@
-rw-r--r--usr.bin/ssh/lib/Makefile4
-rw-r--r--usr.bin/ssh/ssh-keysign.c14
-rw-r--r--usr.bin/ssh/ssh.c9
-rw-r--r--usr.bin/ssh/sshd/Makefile4
4 files changed, 17 insertions, 14 deletions
diff --git a/usr.bin/ssh/lib/Makefile b/usr.bin/ssh/lib/Makefile
index 0c23741b3db..7df228f2fc8 100644
--- a/usr.bin/ssh/lib/Makefile
+++ b/usr.bin/ssh/lib/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.48 2004/06/13 15:03:02 djm Exp $
+# $OpenBSD: Makefile,v 1.49 2004/08/23 14:26:39 dtucker Exp $
.PATH: ${.CURDIR}/..
@@ -8,7 +8,7 @@ SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \
cleanup.c compat.c compress.c crc32.c deattack.c fatal.c \
hostfile.c log.c match.c nchan.c packet.c readpass.c \
rsa.c tildexpand.c ttymodes.c xmalloc.c atomicio.c \
- key.c dispatch.c kex.c mac.c uuencode.c misc.c \
+ key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \
rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
kexdhc.c kexgexc.c scard.c msg.c progressmeter.c dns.c \
monitor_fdpass.c
diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c
index 00bd046fdf6..204779344bb 100644
--- a/usr.bin/ssh/ssh-keysign.c
+++ b/usr.bin/ssh/ssh-keysign.c
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.17 2004/08/23 14:26:38 dtucker Exp $");
#include <openssl/evp.h>
#include <openssl/rand.h>
@@ -41,6 +41,7 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
#include "canohost.h"
#include "pathnames.h"
#include "readconf.h"
+#include "uidswap.h"
/* XXX readconf.c needs these */
uid_t original_real_uid;
@@ -148,8 +149,11 @@ main(int argc, char **argv)
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
- seteuid(getuid());
- setuid(getuid());
+ if ((pw = getpwuid(getuid())) == NULL)
+ fatal("getpwuid failed");
+ pw = pwcopy(pw);
+
+ permanently_set_uid(pw);
#ifdef DEBUG_SSH_KEYSIGN
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
@@ -167,10 +171,6 @@ main(int argc, char **argv)
if (key_fd[0] == -1 && key_fd[1] == -1)
fatal("could not open any host key");
- if ((pw = getpwuid(getuid())) == NULL)
- fatal("getpwuid failed");
- pw = pwcopy(pw);
-
SSLeay_add_all_algorithms();
for (i = 0; i < 256; i++)
rnd[i] = arc4random();
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 16feada37e1..7c5625b49a1 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.225 2004/08/23 14:26:38 dtucker Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -71,6 +71,7 @@ RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $");
#include "match.h"
#include "msg.h"
#include "monitor_fdpass.h"
+#include "uidswap.h"
#ifdef SMARTCARD
#include "scard.h"
@@ -633,8 +634,10 @@ again:
* user's home directory if it happens to be on a NFS volume where
* root is mapped to nobody.
*/
- seteuid(original_real_uid);
- setuid(original_real_uid);
+ if (original_effective_uid == 0) {
+ PRIV_START;
+ permanently_set_uid(pw);
+ }
/*
* Now that we are back to our own permissions, create ~/.ssh
diff --git a/usr.bin/ssh/sshd/Makefile b/usr.bin/ssh/sshd/Makefile
index bf721834534..cbdca8e39cd 100644
--- a/usr.bin/ssh/sshd/Makefile
+++ b/usr.bin/ssh/sshd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.63 2004/06/13 15:03:02 djm Exp $
+# $OpenBSD: Makefile,v 1.64 2004/08/23 14:26:39 dtucker Exp $
.PATH: ${.CURDIR}/..
@@ -10,7 +10,7 @@ MAN= sshd.8 sshd_config.5
CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
- sshpty.c sshlogin.c servconf.c serverloop.c uidswap.c \
+ sshpty.c sshlogin.c servconf.c serverloop.c \
auth.c auth1.c auth2.c auth-options.c session.c \
auth-chall.c auth2-chall.c groupaccess.c \
auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \