upstream: Now that ssh can't be setuid, remove the
original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@ OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c
This commit is contained in:
parent
73ddb25bae
commit
e655ee04a3
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */
|
||||
/* $OpenBSD: readconf.c,v 1.296 2018/07/27 05:34:42 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -320,7 +320,6 @@ void
|
|||
add_local_forward(Options *options, const struct Forward *newfwd)
|
||||
{
|
||||
struct Forward *fwd;
|
||||
extern uid_t original_real_uid;
|
||||
int i;
|
||||
|
||||
/* Don't add duplicates */
|
||||
|
@ -480,7 +479,6 @@ execute_in_shell(const char *cmd)
|
|||
char *shell;
|
||||
pid_t pid;
|
||||
int devnull, status;
|
||||
extern uid_t original_real_uid;
|
||||
|
||||
if ((shell = getenv("SHELL")) == NULL)
|
||||
shell = _PATH_BSHELL;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-keysign.c,v 1.54 2018/02/23 15:58:38 markus Exp $ */
|
||||
/* $OpenBSD: ssh-keysign.c,v 1.55 2018/07/27 05:34:42 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -62,11 +62,6 @@ struct ssh *active_state = NULL; /* XXX needed for linking */
|
|||
|
||||
extern char *__progname;
|
||||
|
||||
/* XXX readconf.c needs these */
|
||||
uid_t original_real_uid;
|
||||
|
||||
extern char *__progname;
|
||||
|
||||
static int
|
||||
valid_request(struct passwd *pw, char *host, struct sshkey **ret,
|
||||
u_char *data, size_t datalen)
|
||||
|
@ -201,8 +196,7 @@ main(int argc, char **argv)
|
|||
key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
|
||||
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
|
||||
|
||||
original_real_uid = getuid(); /* XXX readconf.c needs this */
|
||||
if ((pw = getpwuid(original_real_uid)) == NULL)
|
||||
if ((pw = getpwuid(getuid())) == NULL)
|
||||
fatal("getpwuid failed");
|
||||
pw = pwcopy(pw);
|
||||
|
||||
|
|
31
ssh.c
31
ssh.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh.c,v 1.489 2018/07/25 13:10:56 beck Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.490 2018/07/27 05:34:42 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -177,10 +177,6 @@ struct sockaddr_storage hostaddr;
|
|||
/* Private host keys. */
|
||||
Sensitive sensitive_data;
|
||||
|
||||
/* Original real UID. */
|
||||
uid_t original_real_uid;
|
||||
uid_t original_effective_uid;
|
||||
|
||||
/* command to be executed */
|
||||
struct sshbuf *command;
|
||||
|
||||
|
@ -223,7 +219,7 @@ tilde_expand_paths(char **paths, u_int num_paths)
|
|||
char *cp;
|
||||
|
||||
for (i = 0; i < num_paths; i++) {
|
||||
cp = tilde_expand_filename(paths[i], original_real_uid);
|
||||
cp = tilde_expand_filename(paths[i], getuid());
|
||||
free(paths[i]);
|
||||
paths[i] = cp;
|
||||
}
|
||||
|
@ -620,17 +616,10 @@ main(int ac, char **av)
|
|||
*/
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
|
||||
/*
|
||||
* Save the original real uid. It will be needed later (uid-swapping
|
||||
* may clobber the real uid).
|
||||
*/
|
||||
original_real_uid = getuid();
|
||||
original_effective_uid = geteuid();
|
||||
|
||||
/* Get user data. */
|
||||
pw = getpwuid(original_real_uid);
|
||||
pw = getpwuid(getuid());
|
||||
if (!pw) {
|
||||
logit("No user exists for uid %lu", (u_long)original_real_uid);
|
||||
logit("No user exists for uid %lu", (u_long)getuid());
|
||||
exit(255);
|
||||
}
|
||||
/* Take a copy of the returned structure. */
|
||||
|
@ -773,7 +762,7 @@ main(int ac, char **av)
|
|||
options.gss_deleg_creds = 1;
|
||||
break;
|
||||
case 'i':
|
||||
p = tilde_expand_filename(optarg, original_real_uid);
|
||||
p = tilde_expand_filename(optarg, getuid());
|
||||
if (stat(p, &st) < 0)
|
||||
fprintf(stderr, "Warning: Identity file %s "
|
||||
"not accessible: %s.\n", p,
|
||||
|
@ -1321,8 +1310,7 @@ main(int ac, char **av)
|
|||
}
|
||||
|
||||
if (options.control_path != NULL) {
|
||||
cp = tilde_expand_filename(options.control_path,
|
||||
original_real_uid);
|
||||
cp = tilde_expand_filename(options.control_path, getuid());
|
||||
free(options.control_path);
|
||||
options.control_path = percent_expand(cp,
|
||||
"C", conn_hash_hex,
|
||||
|
@ -1450,7 +1438,7 @@ main(int ac, char **av)
|
|||
unsetenv(SSH_AUTHSOCKET_ENV_NAME);
|
||||
} else {
|
||||
p = tilde_expand_filename(options.identity_agent,
|
||||
original_real_uid);
|
||||
getuid());
|
||||
cp = percent_expand(p,
|
||||
"d", pw->pw_dir,
|
||||
"h", host,
|
||||
|
@ -2018,8 +2006,7 @@ load_public_identity_files(struct passwd *pw)
|
|||
options.identity_files[i] = NULL;
|
||||
continue;
|
||||
}
|
||||
cp = tilde_expand_filename(options.identity_files[i],
|
||||
original_real_uid);
|
||||
cp = tilde_expand_filename(options.identity_files[i], getuid());
|
||||
filename = percent_expand(cp, "d", pw->pw_dir,
|
||||
"u", pw->pw_name, "l", thishost, "h", host,
|
||||
"r", options.user, (char *)NULL);
|
||||
|
@ -2070,7 +2057,7 @@ load_public_identity_files(struct passwd *pw)
|
|||
fatal("%s: too many certificates", __func__);
|
||||
for (i = 0; i < options.num_certificate_files; i++) {
|
||||
cp = tilde_expand_filename(options.certificate_files[i],
|
||||
original_real_uid);
|
||||
getuid());
|
||||
filename = percent_expand(cp,
|
||||
"d", pw->pw_dir,
|
||||
"h", host,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshconnect.c,v 1.303 2018/07/19 23:03:16 dtucker Exp $ */
|
||||
/* $OpenBSD: sshconnect.c,v 1.304 2018/07/27 05:34:42 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -80,8 +80,6 @@ static pid_t proxy_command_pid = 0;
|
|||
/* import */
|
||||
extern Options options;
|
||||
extern char *__progname;
|
||||
extern uid_t original_real_uid;
|
||||
extern uid_t original_effective_uid;
|
||||
|
||||
static int show_other_keys(struct hostkeys *, struct sshkey *);
|
||||
static void warn_changed_key(struct sshkey *);
|
||||
|
|
Loading…
Reference in New Issue