Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/ssh.c b/ssh.c
index 7cadc1873..5693c0d39 100644
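--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.177 2002/06/11 04:14:26 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -53,7 +53,6 @@ RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
 #include "xmalloc.h"
 #include "packet.h"
 #include "buffer.h"
-#include "uidswap.h"
 #include "channels.h"
 #include "key.h"
 #include "authfd.h"
@@ -136,6 +135,7 @@ Sensitive sensitive_data;
 
 /* Original real UID. */
 uid_t original_real_uid;
+uid_t original_effective_uid;
 
 /* command to be executed */
 Buffer command;
@@ -217,7 +217,6 @@ main(int ac, char **av)
  struct stat st;
  struct passwd *pw;
  int dummy;
- uid_t original_effective_uid;
  extern int optind, optreset;
  extern char *optarg;
 
@@ -256,7 +255,7 @@ main(int ac, char **av)
  * them when the port has been created (actually, when the connection
  * has been made, as we may need to create the port several times).
  */
- temporarily_use_uid(pw);
+ PRIV_END;
 
  /*
  * Set our umask to something reasonable, as some files are created
@@ -612,15 +611,12 @@ again:
  "originating port will not be trusted.");
  options.rhosts_authentication = 0;
  }
- /* Restore our superuser privileges. */
- restore_uid();
-
  /* Open a connection to the remote host. */
 
  cerr = ssh_connect(host, &hostaddr, options.port, IPv4or6,
  options.connection_attempts,
- original_effective_uid != 0 || !options.use_privileged_port,
- pw, options.proxy_command);
+ original_effective_uid == 0 && options.use_privileged_port,
+ options.proxy_command);
 
  /*
  * If we successfully made the connection, load the host private key
@@ -637,12 +633,15 @@ again:
  options.hostbased_authentication)) {
  sensitive_data.nkeys = 3;
  sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key));
+
+ PRIV_START;
  sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
  _PATH_HOST_KEY_FILE, "", NULL);
  sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
  _PATH_HOST_DSA_KEY_FILE, "", NULL);
  sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
  _PATH_HOST_RSA_KEY_FILE, "", NULL);
+ PRIV_END;
 
  if (sensitive_data.keys[0] == NULL &&
  sensitive_data.keys[1] == NULL &&
@@ -661,7 +660,8 @@ again:
  * user's home directory if it happens to be on a NFS volume where
  * root is mapped to nobody.
  */
- permanently_set_uid(pw);
+ seteuid(original_real_uid);
+ setuid(original_real_uid);
 
  /*
  * Now that we are back to our own permissions, create ~/.ssh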
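Review bot: In the last hunk the permanent privilege drop is now `seteuid(original_real_uid);` followed by `setuid(original_real_uid);`, and neither return value is checked, so a failed call leaves the client running the ~/.ssh setup that follows with whatever effective uid it had. I would make the failure fatal, e.g. `if (seteuid(original_real_uid) == -1 || setuid(original_real_uid) == -1) fatal("cannot drop privileges: %.100s", strerror(errno));`. Because seteuid() runs first, the setuid() call is made without privilege; on platforms where an unprivileged setuid() changes only the effective uid the saved uid may stay at its original value, so the call order is worth confirming for every target this file builds on. The removed permanently_set_uid(pw) is not visible here, so whether it also handled group ids is an open question for the author. These lines sit inside main(), which starts and ends outside the hunk.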