author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-11 16:37:51 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-11 16:37:51 +0000 |
commit | f9c4884c8effe6dd78ab3ed4e42ed69c4a8652d0 (patch) | |
tree | bf92c1c3374176a70d0a2dd9ea23d97e13d5ee57 /sshconnect.h | |
parent | 8bb6f36c8fab33f7ca59b9c56e11d54caf36f965 (diff) |
- markus@cvs.openbsd.org 2002/06/11 04:14:26
[ssh.c sshconnect.c sshconnect.h]
no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@
Diffstat (limited to 'sshconnect.h')
-rw-r--r-- | sshconnect.h | 20 |
1 files changed, 18 insertions, 2 deletions
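--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.15 2002/06/09 13:32:01 markus Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.16 2002/06/11 04:14:26 markus Exp $ */
 
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -35,7 +35,7 @@ struct Sensitive {
 
 int
 ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
-int, struct passwd *, const char *);
+int, const char *);
 
 void
 ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *);
@@ -50,4 +50,20 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *);
 
 void ssh_put_password(char *);
 
+
+/*
+* Macros to raise/lower permissions.
+*/
+#define PRIV_START do { \
+int save_errno = errno; \
+(void)seteuid(original_effective_uid); \
+errno = save_errno; \
+} while (0)
+
+#define PRIV_END do { \
+int save_errno = errno; \
+(void)seteuid(original_real_uid); \
+errno = save_errno; \
+} while (0)
+
 #endif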
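Review bot: PRIV_END discards the result of `seteuid(original_real_uid)` behind a `(void)` cast, so if the call fails the client keeps running with the raised effective uid and nothing reports it. PRIV_START has the mirror problem: on failure the privileged step runs unprivileged and fails later with a less obvious error. For a setuid-root install the lowering path should stop on failure, e.g. `if (seteuid(original_real_uid) != 0) fatal("PRIV_END: seteuid: %s", strerror(errno));`. The macros also need `errno`, `original_real_uid` and `original_effective_uid` in scope wherever they expand, and this header shows no declarations for them. I would extend the comment above the macros to name where those variables are defined, and to say that only the effective uid is switched, so the drop is temporary rather than permanent.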