diff options
Diffstat (limited to 'ssh-keysign.c')
| -rw-r--r-- | ssh-keysign.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c index 9e9ebe2f1..517655790 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
| @@ -22,7 +22,7 @@ | |||
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ | 23 | */ |
| 24 | #include "includes.h" | 24 | #include "includes.h" |
| 25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $"); | 25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); |
| 26 | 26 | ||
| 27 | #include <openssl/evp.h> | 27 | #include <openssl/evp.h> |
| 28 | #include <openssl/rand.h> | 28 | #include <openssl/rand.h> |
| @@ -41,15 +41,12 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $"); | |||
| 41 | #include "canohost.h" | 41 | #include "canohost.h" |
| 42 | #include "pathnames.h" | 42 | #include "pathnames.h" |
| 43 | #include "readconf.h" | 43 | #include "readconf.h" |
| 44 | #include "uidswap.h" | ||
| 44 | 45 | ||
| 45 | /* XXX readconf.c needs these */ | 46 | /* XXX readconf.c needs these */ |
| 46 | uid_t original_real_uid; | 47 | uid_t original_real_uid; |
| 47 | 48 | ||
| 48 | #ifdef HAVE___PROGNAME | ||
| 49 | extern char *__progname; | 49 | extern char *__progname; |
| 50 | #else | ||
| 51 | char *__progname; | ||
| 52 | #endif | ||
| 53 | 50 | ||
| 54 | static int | 51 | static int |
| 55 | valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, | 52 | valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, |
| @@ -154,8 +151,11 @@ main(int argc, char **argv) | |||
| 154 | key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | 151 | key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
| 155 | key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); | 152 | key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
| 156 | 153 | ||
| 157 | seteuid(getuid()); | 154 | if ((pw = getpwuid(getuid())) == NULL) |
| 158 | setuid(getuid()); | 155 | fatal("getpwuid failed"); |
| 156 | pw = pwcopy(pw); | ||
| 157 | |||
| 158 | permanently_set_uid(pw); | ||
| 159 | 159 | ||
| 160 | init_rng(); | 160 | init_rng(); |
| 161 | seed_rng(); | 161 | seed_rng(); |
| @@ -168,7 +168,7 @@ main(int argc, char **argv) | |||
| 168 | /* verify that ssh-keysign is enabled by the admin */ | 168 | /* verify that ssh-keysign is enabled by the admin */ |
| 169 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | 169 | original_real_uid = getuid(); /* XXX readconf.c needs this */ |
| 170 | initialize_options(&options); | 170 | initialize_options(&options); |
| 171 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); | 171 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); |
| 172 | fill_default_options(&options); | 172 | fill_default_options(&options); |
| 173 | if (options.enable_ssh_keysign != 1) | 173 | if (options.enable_ssh_keysign != 1) |
| 174 | fatal("ssh-keysign not enabled in %s", | 174 | fatal("ssh-keysign not enabled in %s", |
| @@ -177,10 +177,6 @@ main(int argc, char **argv) | |||
| 177 | if (key_fd[0] == -1 && key_fd[1] == -1) | 177 | if (key_fd[0] == -1 && key_fd[1] == -1) |
| 178 | fatal("could not open any host key"); | 178 | fatal("could not open any host key"); |
| 179 | 179 | ||
| 180 | if ((pw = getpwuid(getuid())) == NULL) | ||
| 181 | fatal("getpwuid failed"); | ||
| 182 | pw = pwcopy(pw); | ||
| 183 | |||
| 184 | SSLeay_add_all_algorithms(); | 180 | SSLeay_add_all_algorithms(); |
| 185 | for (i = 0; i < 256; i++) | 181 | for (i = 0; i < 256; i++) |
| 186 | rnd[i] = arc4random(); | 182 | rnd[i] = arc4random(); |