Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 20 |
1 files changed, 10 insertions, 10 deletions
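--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.177 2002/06/11 04:14:26 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -53,7 +53,6 @@ RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
 #include "xmalloc.h"
 #include "packet.h"
 #include "buffer.h"
-#include "uidswap.h"
 #include "channels.h"
 #include "key.h"
 #include "authfd.h"
@@ -136,6 +135,7 @@ Sensitive sensitive_data;
 
 /* Original real UID. */
 uid_t original_real_uid;
+uid_t original_effective_uid;
 
 /* command to be executed */
 Buffer command;
@@ -217,7 +217,6 @@ main(int ac, char **av)
 struct stat st;
 struct passwd *pw;
 int dummy;
-uid_t original_effective_uid;
 extern int optind, optreset;
 extern char *optarg;
 
@@ -256,7 +255,7 @@ main(int ac, char **av)
 * them when the port has been created (actually, when the connection
 * has been made, as we may need to create the port several times).
 */
-temporarily_use_uid(pw);
+PRIV_END;
 
 /*
 * Set our umask to something reasonable, as some files are created
@@ -612,15 +611,12 @@ again:
 "originating port will not be trusted.");
 options.rhosts_authentication = 0;
 }
-/* Restore our superuser privileges. */
-restore_uid();
-
 /* Open a connection to the remote host. */
 
 cerr = ssh_connect(host, &hostaddr, options.port, IPv4or6,
 options.connection_attempts,
-original_effective_uid != 0 || !options.use_privileged_port,
-pw, options.proxy_command);
+original_effective_uid == 0 && options.use_privileged_port,
+options.proxy_command);
 
 /*
 * If we successfully made the connection, load the host private key
@@ -637,12 +633,15 @@ again:
 options.hostbased_authentication)) {
 sensitive_data.nkeys = 3;
 sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key));
+
+PRIV_START;
 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
 _PATH_HOST_KEY_FILE, "", NULL);
 sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
 _PATH_HOST_DSA_KEY_FILE, "", NULL);
 sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
 _PATH_HOST_RSA_KEY_FILE, "", NULL);
+PRIV_END;
 
 if (sensitive_data.keys[0] == NULL &&
 sensitive_data.keys[1] == NULL &&
@@ -661,7 +660,8 @@ again:
 * user's home directory if it happens to be on a NFS volume where
 * root is mapped to nobody.
 */
-permanently_set_uid(pw);
+seteuid(original_real_uid);
+setuid(original_real_uid);
 
 /*
 * Now that we are back to our own permissions, create ~/.ssh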
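Review bot: The two calls that replace permanently_set_uid(pw) in the last hunk, `seteuid(original_real_uid);` and `setuid(original_real_uid);`, discard their return values, so a failed drop would let the client carry its set-uid privileges into the code that creates ~/.ssh and touches the user's files. I would check both and stop on failure, e.g. `if (seteuid(original_real_uid) == -1 || setuid(original_real_uid) == -1) fatal("cannot drop privileges: %.100s", strerror(errno));`. The ordering also deserves a comment: on platforms where setuid() called by an unprivileged process changes only the effective UID, lowering the euid first would leave the saved set-user-ID in place, and whether that matters here depends on the target's setuid() semantics, which the diff does not show. The enclosing main() starts and ends outside the hunk, and the PRIV_START/PRIV_END definitions are not visible either, so this is based on the shown lines only.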