summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-06-11 16:37:51 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-06-11 16:37:51 +0000
commitf9c4884c8effe6dd78ab3ed4e42ed69c4a8652d0 (patch)
treebf92c1c3374176a70d0a2dd9ea23d97e13d5ee57
parent8bb6f36c8fab33f7ca59b9c56e11d54caf36f965 (diff)
- markus@cvs.openbsd.org 2002/06/11 04:14:26
[ssh.c sshconnect.c sshconnect.h] no longer use uidswap.[ch] from the ssh client run less code with euid==0 if ssh is installed setuid root just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@
-rw-r--r--ChangeLog8
-rw-r--r--ssh.c20
-rw-r--r--sshconnect.c47
-rw-r--r--sshconnect.h20
4 files changed, 51 insertions, 44 deletions
diff --git a/ChangeLog b/ChangeLog
index 99448aa9..9e0b5159 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,12 @@
[channels.c channels.h session.c]
move creation of agent socket to session.c; no need for uidswapping
in channel.c.
+ - markus@cvs.openbsd.org 2002/06/11 04:14:26
+ [ssh.c sshconnect.c sshconnect.h]
+ no longer use uidswap.[ch] from the ssh client
+ run less code with euid==0 if ssh is installed setuid root
+ just switch the euid, don't switch the complete set of groups
+ (this is only needed by sshd). ok provos@
20020609
- (bal) OpenBSD CVS Sync
@@ -894,4 +900,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2207 2002/06/11 15:59:02 mouring Exp $
+$Id: ChangeLog,v 1.2208 2002/06/11 16:37:51 mouring Exp $
diff --git a/ssh.c b/ssh.c
index 7cadc187..5693c0d3 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.177 2002/06/11 04:14:26 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -53,7 +53,6 @@ RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
-#include "uidswap.h"
#include "channels.h"
#include "key.h"
#include "authfd.h"
@@ -136,6 +135,7 @@ Sensitive sensitive_data;
/* Original real UID. */
uid_t original_real_uid;
+uid_t original_effective_uid;
/* command to be executed */
Buffer command;
@@ -217,7 +217,6 @@ main(int ac, char **av)
struct stat st;
struct passwd *pw;
int dummy;
- uid_t original_effective_uid;
extern int optind, optreset;
extern char *optarg;
@@ -256,7 +255,7 @@ main(int ac, char **av)
* them when the port has been created (actually, when the connection
* has been made, as we may need to create the port several times).
*/
- temporarily_use_uid(pw);
+ PRIV_END;
/*
* Set our umask to something reasonable, as some files are created
@@ -612,15 +611,12 @@ again:
"originating port will not be trusted.");
options.rhosts_authentication = 0;
}
- /* Restore our superuser privileges. */
- restore_uid();
-
/* Open a connection to the remote host. */
cerr = ssh_connect(host, &hostaddr, options.port, IPv4or6,
options.connection_attempts,
- original_effective_uid != 0 || !options.use_privileged_port,
- pw, options.proxy_command);
+ original_effective_uid == 0 && options.use_privileged_port,
+ options.proxy_command);
/*
* If we successfully made the connection, load the host private key
@@ -637,12 +633,15 @@ again:
options.hostbased_authentication)) {
sensitive_data.nkeys = 3;
sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key));
+
+ PRIV_START;
sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
_PATH_HOST_KEY_FILE, "", NULL);
sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
_PATH_HOST_DSA_KEY_FILE, "", NULL);
sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL);
+ PRIV_END;
if (sensitive_data.keys[0] == NULL &&
sensitive_data.keys[1] == NULL &&
@@ -661,7 +660,8 @@ again:
* user's home directory if it happens to be on a NFS volume where
* root is mapped to nobody.
*/
- permanently_set_uid(pw);
+ seteuid(original_real_uid);
+ setuid(original_real_uid);
/*
* Now that we are back to our own permissions, create ~/.ssh
diff --git a/sshconnect.c b/sshconnect.c
index 651e3fcf..3a93a4fb 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.123 2002/06/09 22:17:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.124 2002/06/11 04:14:26 markus Exp $");
#include <openssl/bn.h>
@@ -36,8 +36,11 @@ RCSID("$OpenBSD: sshconnect.c,v 1.123 2002/06/09 22:17:21 itojun Exp $");
char *client_version_string = NULL;
char *server_version_string = NULL;
+/* import */
extern Options options;
extern char *__progname;
+extern uid_t original_real_uid;
+extern uid_t original_effective_uid;
#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */
#define INET6_ADDRSTRLEN 46
@@ -58,8 +61,7 @@ sockaddr_ntop(struct sockaddr *sa, socklen_t salen)
* Connect to the given ssh server using a proxy command.
*/
static int
-ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
- const char *proxy_command)
+ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
{
Buffer command;
const char *cp;
@@ -109,7 +111,8 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
char *argv[10];
/* Child. Permanently give up superuser privileges. */
- permanently_set_uid(pw);
+ seteuid(original_real_uid);
+ setuid(original_real_uid);
/* Redirect stdin and stdout. */
close(pin[1]);
@@ -159,7 +162,7 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
* Creates a (possibly privileged) socket for use as the ssh connection.
*/
static int
-ssh_create_socket(struct passwd *pw, int privileged, int family)
+ssh_create_socket(int privileged, int family)
{
int sock, gaierr;
struct addrinfo hints, *res;
@@ -170,22 +173,18 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
*/
if (privileged) {
int p = IPPORT_RESERVED - 1;
+ PRIV_START;
sock = rresvport_af(&p, family);
+ PRIV_END;
if (sock < 0)
error("rresvport: af=%d %.100s", family, strerror(errno));
else
debug("Allocated local port %d.", p);
return sock;
}
- /*
- * Just create an ordinary socket on arbitrary port. We use
- * the user's uid to create the socket.
- */
- temporarily_use_uid(pw);
sock = socket(family, SOCK_STREAM, 0);
if (sock < 0)
error("socket: %.100s", strerror(errno));
- restore_uid();
/* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL)
@@ -215,9 +214,9 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
/*
* Opens a TCP/IP connection to the remote server on the given host.
* The address of the remote host will be returned in hostaddr.
- * If port is 0, the default port will be used. If anonymous is zero,
+ * If port is 0, the default port will be used. If needpriv is true,
* a privileged port will be allocated to make the connection.
- * This requires super-user privileges if anonymous is false.
+ * This requires super-user privileges if needpriv is true.
* Connection_attempts specifies the maximum number of tries (one per
* second). If proxy_command is non-NULL, it specifies the command (with %h
* and %p substituted for host and port, respectively) to use to contact
@@ -232,7 +231,7 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
int
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
u_short port, int family, int connection_attempts,
- int anonymous, struct passwd *pw, const char *proxy_command)
+ int needpriv, const char *proxy_command)
{
int gaierr;
int on = 1;
@@ -248,8 +247,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
*/
int full_failure = 1;
- debug("ssh_connect: getuid %u geteuid %u anon %d",
- (u_int) getuid(), (u_int) geteuid(), anonymous);
+ debug("ssh_connect: needpriv %d", needpriv);
/* Get default port if port has not been set. */
if (port == 0) {
@@ -261,7 +259,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
}
/* If a proxy command is given, connect using it. */
if (proxy_command != NULL)
- return ssh_proxy_connect(host, port, pw, proxy_command);
+ return ssh_proxy_connect(host, port, proxy_command);
/* No proxy command. */
@@ -297,26 +295,14 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
host, ntop, strport);
/* Create a socket for connecting. */
- sock = ssh_create_socket(pw,
-#ifdef HAVE_CYGWIN
- !anonymous,
-#else
- !anonymous && geteuid() == 0,
-#endif
- ai->ai_family);
+ sock = ssh_create_socket(needpriv, ai->ai_family);
if (sock < 0)
/* Any error is already output */
continue;
- /* Connect to the host. We use the user's uid in the
- * hope that it will help with tcp_wrappers showing
- * the remote uid as root.
- */
- temporarily_use_uid(pw);
if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
/* Successful connection. */
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
- restore_uid();
break;
} else {
if (errno == ECONNREFUSED)
@@ -324,7 +310,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
log("ssh: connect to address %s port %s: %s",
sockaddr_ntop(ai->ai_addr, ai->ai_addrlen),
strport, strerror(errno));
- restore_uid();
/*
* Close the failed socket; there appear to
* be some problems when reusing a socket for
diff --git a/sshconnect.h b/sshconnect.h
index aeb2e51a..48148833 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.15 2002/06/09 13:32:01 markus Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.16 2002/06/11 04:14:26 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -35,7 +35,7 @@ struct Sensitive {
int
ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
- int, struct passwd *, const char *);
+ int, const char *);
void
ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *);
@@ -50,4 +50,20 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *);
void ssh_put_password(char *);
+
+/*
+ * Macros to raise/lower permissions.
+ */
+#define PRIV_START do { \
+ int save_errno = errno; \
+ (void)seteuid(original_effective_uid); \
+ errno = save_errno; \
+} while (0)
+
+#define PRIV_END do { \
+ int save_errno = errno; \
+ (void)seteuid(original_real_uid); \
+ errno = save_errno; \
+} while (0)
+
#endif