diff options
| -rw-r--r-- | readconf.c | 4 | ||||
| -rw-r--r-- | ssh-keysign.c | 10 | ||||
| -rw-r--r-- | ssh.c | 31 | ||||
| -rw-r--r-- | sshconnect.c | 4 |
4 files changed, 13 insertions, 36 deletions
diff --git a/readconf.c b/readconf.c index d9b6e4cf9..4ab312fff 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.296 2018/07/27 05:34:42 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -320,7 +320,6 @@ void | |||
| 320 | add_local_forward(Options *options, const struct Forward *newfwd) | 320 | add_local_forward(Options *options, const struct Forward *newfwd) |
| 321 | { | 321 | { |
| 322 | struct Forward *fwd; | 322 | struct Forward *fwd; |
| 323 | extern uid_t original_real_uid; | ||
| 324 | int i; | 323 | int i; |
| 325 | 324 | ||
| 326 | /* Don't add duplicates */ | 325 | /* Don't add duplicates */ |
| @@ -480,7 +479,6 @@ execute_in_shell(const char *cmd) | |||
| 480 | char *shell; | 479 | char *shell; |
| 481 | pid_t pid; | 480 | pid_t pid; |
| 482 | int devnull, status; | 481 | int devnull, status; |
| 483 | extern uid_t original_real_uid; | ||
| 484 | 482 | ||
| 485 | if ((shell = getenv("SHELL")) == NULL) | 483 | if ((shell = getenv("SHELL")) == NULL) |
| 486 | shell = _PATH_BSHELL; | 484 | shell = _PATH_BSHELL; |
diff --git a/ssh-keysign.c b/ssh-keysign.c index 78bb66b08..744ecb4f9 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keysign.c,v 1.54 2018/02/23 15:58:38 markus Exp $ */ | 1 | /* $OpenBSD: ssh-keysign.c,v 1.55 2018/07/27 05:34:42 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -62,11 +62,6 @@ struct ssh *active_state = NULL; /* XXX needed for linking */ | |||
| 62 | 62 | ||
| 63 | extern char *__progname; | 63 | extern char *__progname; |
| 64 | 64 | ||
| 65 | /* XXX readconf.c needs these */ | ||
| 66 | uid_t original_real_uid; | ||
| 67 | |||
| 68 | extern char *__progname; | ||
| 69 | |||
| 70 | static int | 65 | static int |
| 71 | valid_request(struct passwd *pw, char *host, struct sshkey **ret, | 66 | valid_request(struct passwd *pw, char *host, struct sshkey **ret, |
| 72 | u_char *data, size_t datalen) | 67 | u_char *data, size_t datalen) |
| @@ -201,8 +196,7 @@ main(int argc, char **argv) | |||
| 201 | key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY); | 196 | key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY); |
| 202 | key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | 197 | key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
| 203 | 198 | ||
| 204 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | 199 | if ((pw = getpwuid(getuid())) == NULL) |
| 205 | if ((pw = getpwuid(original_real_uid)) == NULL) | ||
| 206 | fatal("getpwuid failed"); | 200 | fatal("getpwuid failed"); |
| 207 | pw = pwcopy(pw); | 201 | pw = pwcopy(pw); |
| 208 | 202 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.489 2018/07/25 13:10:56 beck Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.490 2018/07/27 05:34:42 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -177,10 +177,6 @@ struct sockaddr_storage hostaddr; | |||
| 177 | /* Private host keys. */ | 177 | /* Private host keys. */ |
| 178 | Sensitive sensitive_data; | 178 | Sensitive sensitive_data; |
| 179 | 179 | ||
| 180 | /* Original real UID. */ | ||
| 181 | uid_t original_real_uid; | ||
| 182 | uid_t original_effective_uid; | ||
| 183 | |||
| 184 | /* command to be executed */ | 180 | /* command to be executed */ |
| 185 | struct sshbuf *command; | 181 | struct sshbuf *command; |
| 186 | 182 | ||
| @@ -223,7 +219,7 @@ tilde_expand_paths(char **paths, u_int num_paths) | |||
| 223 | char *cp; | 219 | char *cp; |
| 224 | 220 | ||
| 225 | for (i = 0; i < num_paths; i++) { | 221 | for (i = 0; i < num_paths; i++) { |
| 226 | cp = tilde_expand_filename(paths[i], original_real_uid); | 222 | cp = tilde_expand_filename(paths[i], getuid()); |
| 227 | free(paths[i]); | 223 | free(paths[i]); |
| 228 | paths[i] = cp; | 224 | paths[i] = cp; |
| 229 | } | 225 | } |
| @@ -620,17 +616,10 @@ main(int ac, char **av) | |||
| 620 | */ | 616 | */ |
| 621 | closefrom(STDERR_FILENO + 1); | 617 | closefrom(STDERR_FILENO + 1); |
| 622 | 618 | ||
| 623 | /* | ||
| 624 | * Save the original real uid. It will be needed later (uid-swapping | ||
| 625 | * may clobber the real uid). | ||
| 626 | */ | ||
| 627 | original_real_uid = getuid(); | ||
| 628 | original_effective_uid = geteuid(); | ||
| 629 | |||
| 630 | /* Get user data. */ | 619 | /* Get user data. */ |
| 631 | pw = getpwuid(original_real_uid); | 620 | pw = getpwuid(getuid()); |
| 632 | if (!pw) { | 621 | if (!pw) { |
| 633 | logit("No user exists for uid %lu", (u_long)original_real_uid); | 622 | logit("No user exists for uid %lu", (u_long)getuid()); |
| 634 | exit(255); | 623 | exit(255); |
| 635 | } | 624 | } |
| 636 | /* Take a copy of the returned structure. */ | 625 | /* Take a copy of the returned structure. */ |
| @@ -773,7 +762,7 @@ main(int ac, char **av) | |||
| 773 | options.gss_deleg_creds = 1; | 762 | options.gss_deleg_creds = 1; |
| 774 | break; | 763 | break; |
| 775 | case 'i': | 764 | case 'i': |
| 776 | p = tilde_expand_filename(optarg, original_real_uid); | 765 | p = tilde_expand_filename(optarg, getuid()); |
| 777 | if (stat(p, &st) < 0) | 766 | if (stat(p, &st) < 0) |
| 778 | fprintf(stderr, "Warning: Identity file %s " | 767 | fprintf(stderr, "Warning: Identity file %s " |
| 779 | "not accessible: %s.\n", p, | 768 | "not accessible: %s.\n", p, |
| @@ -1321,8 +1310,7 @@ main(int ac, char **av) | |||
| 1321 | } | 1310 | } |
| 1322 | 1311 | ||
| 1323 | if (options.control_path != NULL) { | 1312 | if (options.control_path != NULL) { |
| 1324 | cp = tilde_expand_filename(options.control_path, | 1313 | cp = tilde_expand_filename(options.control_path, getuid()); |
| 1325 | original_real_uid); | ||
| 1326 | free(options.control_path); | 1314 | free(options.control_path); |
| 1327 | options.control_path = percent_expand(cp, | 1315 | options.control_path = percent_expand(cp, |
| 1328 | "C", conn_hash_hex, | 1316 | "C", conn_hash_hex, |
| @@ -1450,7 +1438,7 @@ main(int ac, char **av) | |||
| 1450 | unsetenv(SSH_AUTHSOCKET_ENV_NAME); | 1438 | unsetenv(SSH_AUTHSOCKET_ENV_NAME); |
| 1451 | } else { | 1439 | } else { |
| 1452 | p = tilde_expand_filename(options.identity_agent, | 1440 | p = tilde_expand_filename(options.identity_agent, |
| 1453 | original_real_uid); | 1441 | getuid()); |
| 1454 | cp = percent_expand(p, | 1442 | cp = percent_expand(p, |
| 1455 | "d", pw->pw_dir, | 1443 | "d", pw->pw_dir, |
| 1456 | "h", host, | 1444 | "h", host, |
| @@ -2018,8 +2006,7 @@ load_public_identity_files(struct passwd *pw) | |||
| 2018 | options.identity_files[i] = NULL; | 2006 | options.identity_files[i] = NULL; |
| 2019 | continue; | 2007 | continue; |
| 2020 | } | 2008 | } |
| 2021 | cp = tilde_expand_filename(options.identity_files[i], | 2009 | cp = tilde_expand_filename(options.identity_files[i], getuid()); |
| 2022 | original_real_uid); | ||
| 2023 | filename = percent_expand(cp, "d", pw->pw_dir, | 2010 | filename = percent_expand(cp, "d", pw->pw_dir, |
| 2024 | "u", pw->pw_name, "l", thishost, "h", host, | 2011 | "u", pw->pw_name, "l", thishost, "h", host, |
| 2025 | "r", options.user, (char *)NULL); | 2012 | "r", options.user, (char *)NULL); |
| @@ -2070,7 +2057,7 @@ load_public_identity_files(struct passwd *pw) | |||
| 2070 | fatal("%s: too many certificates", __func__); | 2057 | fatal("%s: too many certificates", __func__); |
| 2071 | for (i = 0; i < options.num_certificate_files; i++) { | 2058 | for (i = 0; i < options.num_certificate_files; i++) { |
| 2072 | cp = tilde_expand_filename(options.certificate_files[i], | 2059 | cp = tilde_expand_filename(options.certificate_files[i], |
| 2073 | original_real_uid); | 2060 | getuid()); |
| 2074 | filename = percent_expand(cp, | 2061 | filename = percent_expand(cp, |
| 2075 | "d", pw->pw_dir, | 2062 | "d", pw->pw_dir, |
| 2076 | "h", host, | 2063 | "h", host, |
diff --git a/sshconnect.c b/sshconnect.c index 64250dab1..78813c164 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect.c,v 1.303 2018/07/19 23:03:16 dtucker Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.304 2018/07/27 05:34:42 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -80,8 +80,6 @@ static pid_t proxy_command_pid = 0; | |||
| 80 | /* import */ | 80 | /* import */ |
| 81 | extern Options options; | 81 | extern Options options; |
| 82 | extern char *__progname; | 82 | extern char *__progname; |
| 83 | extern uid_t original_real_uid; | ||
| 84 | extern uid_t original_effective_uid; | ||
| 85 | 83 | ||
| 86 | static int show_other_keys(struct hostkeys *, struct sshkey *); | 84 | static int show_other_keys(struct hostkeys *, struct sshkey *); |
| 87 | static void warn_changed_key(struct sshkey *); | 85 | static void warn_changed_key(struct sshkey *); |