tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-29 00:34:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2002/06/11 04:14:26

Browse Source 
[ssh.c sshconnect.c sshconnect.h]
     no longer use uidswap.[ch] from the ssh client
     run less code with euid==0 if ssh is installed setuid root
     just switch the euid, don't switch the complete set of groups
     (this is only needed by sshd). ok provos@
This commit is contained in:
Ben Lindstrom 2002-06-11 16:37:51 +00:00
parent 8bb6f36c8f
commit f9c4884c8e
4 changed files with 51 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -29,6 +29,12 @@
[channels.c channels.h session.c] [channels.c channels.h session.c]
move creation of agent socket to session.c; no need for uidswapping move creation of agent socket to session.c; no need for uidswapping
in channel.c. in channel.c.
- markus@cvs.openbsd.org 2002/06/11 04:14:26
[ssh.c sshconnect.c sshconnect.h]
no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@
20020609 20020609
- (bal) OpenBSD CVS Sync - (bal) OpenBSD CVS Sync
@ -894,4 +900,4 @@
- (stevesk) entropy.c: typo in debug message - (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2207 2002/06/11 15:59:02 mouring Exp $ $Id: ChangeLog,v 1.2208 2002/06/11 16:37:51 mouring Exp $

20
ssh.c
View File

@ -40,7 +40,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $"); RCSID("$OpenBSD: ssh.c,v 1.177 2002/06/11 04:14:26 markus Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -53,7 +53,6 @@ RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "packet.h" #include "packet.h"
#include "buffer.h" #include "buffer.h"
#include "uidswap.h"
#include "channels.h" #include "channels.h"
#include "key.h" #include "key.h"
#include "authfd.h" #include "authfd.h"
@ -136,6 +135,7 @@ Sensitive sensitive_data;
/* Original real UID. */ /* Original real UID. */
uid_t original_real_uid; uid_t original_real_uid;
uid_t original_effective_uid;
/* command to be executed */ /* command to be executed */
Buffer command; Buffer command;
@ -217,7 +217,6 @@ main(int ac, char **av)
struct stat st; struct stat st;
struct passwd *pw; struct passwd *pw;
int dummy; int dummy;
uid_t original_effective_uid;
extern int optind, optreset; extern int optind, optreset;
extern char *optarg; extern char *optarg;
@ -256,7 +255,7 @@ main(int ac, char **av)
* them when the port has been created (actually, when the connection * them when the port has been created (actually, when the connection
* has been made, as we may need to create the port several times). * has been made, as we may need to create the port several times).
*/ */
temporarily_use_uid(pw); PRIV_END;
/* /*
* Set our umask to something reasonable, as some files are created * Set our umask to something reasonable, as some files are created
@ -612,15 +611,12 @@ again:
"originating port will not be trusted."); "originating port will not be trusted.");
options.rhosts_authentication = 0; options.rhosts_authentication = 0;
} }
/* Restore our superuser privileges. */
restore_uid();
/* Open a connection to the remote host. */ /* Open a connection to the remote host. */
cerr = ssh_connect(host, &hostaddr, options.port, IPv4or6, cerr = ssh_connect(host, &hostaddr, options.port, IPv4or6,
options.connection_attempts, options.connection_attempts,
original_effective_uid != 0 || !options.use_privileged_port, original_effective_uid == 0 && options.use_privileged_port,
pw, options.proxy_command); options.proxy_command);
/* /*
* If we successfully made the connection, load the host private key * If we successfully made the connection, load the host private key
@ -637,12 +633,15 @@ again:
options.hostbased_authentication)) { options.hostbased_authentication)) {
sensitive_data.nkeys = 3; sensitive_data.nkeys = 3;
sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key)); sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key));
PRIV_START;
sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
_PATH_HOST_KEY_FILE, "", NULL); _PATH_HOST_KEY_FILE, "", NULL);
sensitive_data.keys[1] = key_load_private_type(KEY_DSA, sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
_PATH_HOST_DSA_KEY_FILE, "", NULL); _PATH_HOST_DSA_KEY_FILE, "", NULL);
sensitive_data.keys[2] = key_load_private_type(KEY_RSA, sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL); _PATH_HOST_RSA_KEY_FILE, "", NULL);
PRIV_END;
if (sensitive_data.keys[0] == NULL && if (sensitive_data.keys[0] == NULL &&
sensitive_data.keys[1] == NULL && sensitive_data.keys[1] == NULL &&
@ -661,7 +660,8 @@ again:
* user's home directory if it happens to be on a NFS volume where * user's home directory if it happens to be on a NFS volume where
* root is mapped to nobody. * root is mapped to nobody.
*/ */
permanently_set_uid(pw); seteuid(original_real_uid);
setuid(original_real_uid);
/* /*
* Now that we are back to our own permissions, create ~/.ssh * Now that we are back to our own permissions, create ~/.ssh

47
sshconnect.c
View File

@ -13,7 +13,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.123 2002/06/09 22:17:21 itojun Exp $"); RCSID("$OpenBSD: sshconnect.c,v 1.124 2002/06/11 04:14:26 markus Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
@ -36,8 +36,11 @@ RCSID("$OpenBSD: sshconnect.c,v 1.123 2002/06/09 22:17:21 itojun Exp $");
char *client_version_string = NULL; char *client_version_string = NULL;
char *server_version_string = NULL; char *server_version_string = NULL;
/* import */
extern Options options; extern Options options;
extern char *__progname; extern char *__progname;
extern uid_t original_real_uid;
extern uid_t original_effective_uid;
#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */ #ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */
#define INET6_ADDRSTRLEN 46 #define INET6_ADDRSTRLEN 46
@ -58,8 +61,7 @@ sockaddr_ntop(struct sockaddr *sa, socklen_t salen)
* Connect to the given ssh server using a proxy command. * Connect to the given ssh server using a proxy command.
*/ */
static int static int
ssh_proxy_connect(const char *host, u_short port, struct passwd *pw, ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
const char *proxy_command)
{ {
Buffer command; Buffer command;
const char *cp; const char *cp;
@ -109,7 +111,8 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
char *argv[10]; char *argv[10];
/* Child. Permanently give up superuser privileges. */ /* Child. Permanently give up superuser privileges. */
permanently_set_uid(pw); seteuid(original_real_uid);
setuid(original_real_uid);
/* Redirect stdin and stdout. */ /* Redirect stdin and stdout. */
close(pin[1]); close(pin[1]);
@ -159,7 +162,7 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
* Creates a (possibly privileged) socket for use as the ssh connection. * Creates a (possibly privileged) socket for use as the ssh connection.
*/ */
static int static int
ssh_create_socket(struct passwd *pw, int privileged, int family) ssh_create_socket(int privileged, int family)
{ {
int sock, gaierr; int sock, gaierr;
struct addrinfo hints, *res; struct addrinfo hints, *res;
@ -170,22 +173,18 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
*/ */
if (privileged) { if (privileged) {
int p = IPPORT_RESERVED - 1; int p = IPPORT_RESERVED - 1;
PRIV_START;
sock = rresvport_af(&p, family); sock = rresvport_af(&p, family);
PRIV_END;
if (sock < 0) if (sock < 0)
error("rresvport: af=%d %.100s", family, strerror(errno)); error("rresvport: af=%d %.100s", family, strerror(errno));
else else
debug("Allocated local port %d.", p); debug("Allocated local port %d.", p);
return sock; return sock;
} }
/*
* Just create an ordinary socket on arbitrary port. We use
* the user's uid to create the socket.
*/
temporarily_use_uid(pw);
sock = socket(family, SOCK_STREAM, 0); sock = socket(family, SOCK_STREAM, 0);
if (sock < 0) if (sock < 0)
error("socket: %.100s", strerror(errno)); error("socket: %.100s", strerror(errno));
restore_uid();
/* Bind the socket to an alternative local IP address */ /* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL) if (options.bind_address == NULL)
@ -215,9 +214,9 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
/* /*
* Opens a TCP/IP connection to the remote server on the given host. * Opens a TCP/IP connection to the remote server on the given host.
* The address of the remote host will be returned in hostaddr. * The address of the remote host will be returned in hostaddr.
* If port is 0, the default port will be used. If anonymous is zero, * If port is 0, the default port will be used. If needpriv is true,
* a privileged port will be allocated to make the connection. * a privileged port will be allocated to make the connection.
* This requires super-user privileges if anonymous is false. * This requires super-user privileges if needpriv is true.
* Connection_attempts specifies the maximum number of tries (one per * Connection_attempts specifies the maximum number of tries (one per
* second). If proxy_command is non-NULL, it specifies the command (with %h * second). If proxy_command is non-NULL, it specifies the command (with %h
* and %p substituted for host and port, respectively) to use to contact * and %p substituted for host and port, respectively) to use to contact
@ -232,7 +231,7 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
int int
ssh_connect(const char *host, struct sockaddr_storage * hostaddr, ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
u_short port, int family, int connection_attempts, u_short port, int family, int connection_attempts,
int anonymous, struct passwd *pw, const char *proxy_command) int needpriv, const char *proxy_command)
{ {
int gaierr; int gaierr;
int on = 1; int on = 1;
@ -248,8 +247,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
*/ */
int full_failure = 1; int full_failure = 1;
debug("ssh_connect: getuid %u geteuid %u anon %d", debug("ssh_connect: needpriv %d", needpriv);
(u_int) getuid(), (u_int) geteuid(), anonymous);
/* Get default port if port has not been set. */ /* Get default port if port has not been set. */
if (port == 0) { if (port == 0) {
@ -261,7 +259,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
} }
/* If a proxy command is given, connect using it. */ /* If a proxy command is given, connect using it. */
if (proxy_command != NULL) if (proxy_command != NULL)
return ssh_proxy_connect(host, port, pw, proxy_command); return ssh_proxy_connect(host, port, proxy_command);
/* No proxy command. */ /* No proxy command. */
@ -297,26 +295,14 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
host, ntop, strport); host, ntop, strport);
/* Create a socket for connecting. */ /* Create a socket for connecting. */
sock = ssh_create_socket(pw, sock = ssh_create_socket(needpriv, ai->ai_family);
#ifdef HAVE_CYGWIN
!anonymous,
#else
!anonymous && geteuid() == 0,
#endif
ai->ai_family);
if (sock < 0) if (sock < 0)
/* Any error is already output */ /* Any error is already output */
continue; continue;
/* Connect to the host. We use the user's uid in the
* hope that it will help with tcp_wrappers showing
* the remote uid as root.
*/
temporarily_use_uid(pw);
if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) { if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
/* Successful connection. */ /* Successful connection. */
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
restore_uid();
break; break;
} else { } else {
if (errno == ECONNREFUSED) if (errno == ECONNREFUSED)
@ -324,7 +310,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
log("ssh: connect to address %s port %s: %s", log("ssh: connect to address %s port %s: %s",
sockaddr_ntop(ai->ai_addr, ai->ai_addrlen), sockaddr_ntop(ai->ai_addr, ai->ai_addrlen),
strport, strerror(errno)); strport, strerror(errno));
restore_uid();
/* /*
* Close the failed socket; there appear to * Close the failed socket; there appear to
* be some problems when reusing a socket for * be some problems when reusing a socket for

20
sshconnect.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.h,v 1.15 2002/06/09 13:32:01 markus Exp $ */ /* $OpenBSD: sshconnect.h,v 1.16 2002/06/11 04:14:26 markus Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -35,7 +35,7 @@ struct Sensitive {
int int
ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int, ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
int, struct passwd *, const char *); int, const char *);
void void
ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *); ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *);
@ -50,4 +50,20 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *);
void ssh_put_password(char *); void ssh_put_password(char *);
/*
* Macros to raise/lower permissions.
*/
#define PRIV_START do { \
int save_errno = errno; \
(void)seteuid(original_effective_uid); \
errno = save_errno; \
} while (0)
#define PRIV_END do { \
int save_errno = errno; \
(void)seteuid(original_real_uid); \
errno = save_errno; \
} while (0)
#endif #endif