authordtucker <dtucker@openbsd.org>2018-07-27 05:34:42 +0000
committerdtucker <dtucker@openbsd.org>2018-07-27 05:34:42 +0000
commita01615b1c0d711640678bbb6a5ea68c7b416cc4a (patch)
tree2b242d713f9a55824ca56c7613cd07a023b4a07d /usr.bin/ssh/ssh.c
parentremove errant Ed added in previous; (diff)
Now that ssh can't be setuid, remove the original_real_uid and
original_effective_uid globals and replace with calls to plain getuid(). ok djm@
Diffstat (limited to 'usr.bin/ssh/ssh.c')
-rw-r--r--usr.bin/ssh/ssh.c31
1 files changed, 9 insertions, 22 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 96a68b44375..2f0bf28b7e0 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.489 2018/07/25 13:10:56 beck Exp $ */
+/* $OpenBSD: ssh.c,v 1.490 2018/07/27 05:34:42 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -161,10 +161,6 @@ struct sockaddr_storage hostaddr;
/* Private host keys. */
Sensitive sensitive_data;
-/* Original real UID. */
-uid_t original_real_uid;
-uid_t original_effective_uid;
-
/* command to be executed */
struct sshbuf *command;
@@ -207,7 +203,7 @@ tilde_expand_paths(char **paths, u_int num_paths)
char *cp;
for (i = 0; i < num_paths; i++) {
- cp = tilde_expand_filename(paths[i], original_real_uid);
+ cp = tilde_expand_filename(paths[i], getuid());
free(paths[i]);
paths[i] = cp;
}
@@ -591,22 +587,15 @@ main(int ac, char **av)
*/
closefrom(STDERR_FILENO + 1);
- /*
- * Save the original real uid. It will be needed later (uid-swapping
- * may clobber the real uid).
- */
- original_real_uid = getuid();
- original_effective_uid = geteuid();
-
if (getuid() != geteuid())
fatal("ssh setuid not supported.");
if (getgid() != getegid())
fatal("ssh setgid not supported.");
/* Get user data. */
- pw = getpwuid(original_real_uid);
+ pw = getpwuid(getuid());
if (!pw) {
- logit("No user exists for uid %lu", (u_long)original_real_uid);
+ logit("No user exists for uid %lu", (u_long)getuid());
exit(255);
}
/* Take a copy of the returned structure. */
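Review bot: The `getuid()` calls that replace `original_real_uid` throughout this file are only equivalent to the saved value because the `getuid() != geteuid()` and `getgid() != getegid()` checks in this hunk make setuid/setgid execution fatal, and the new code no longer says so. With the "Save the original real uid" comment removed, a short comment on those checks would record the invariant, for example `/* setuid/setgid execution is refused here; later code relies on getuid() being the invoking user's uid */`. In the same hunk `getuid()` is now called once for `getpwuid()` and again for the `logit()` message; a local `uid_t uid = getuid();` would keep the lookup and the logged value tied to one read. main() starts and ends outside the hunk.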
@@ -749,7 +738,7 @@ main(int ac, char **av)
options.gss_deleg_creds = 1;
break;
case 'i':
- p = tilde_expand_filename(optarg, original_real_uid);
+ p = tilde_expand_filename(optarg, getuid());
if (stat(p, &st) < 0)
fprintf(stderr, "Warning: Identity file %s "
"not accessible: %s.\n", p,
@@ -1295,8 +1284,7 @@ main(int ac, char **av)
}
if (options.control_path != NULL) {
- cp = tilde_expand_filename(options.control_path,
- original_real_uid);
+ cp = tilde_expand_filename(options.control_path, getuid());
free(options.control_path);
options.control_path = percent_expand(cp,
"C", conn_hash_hex,
@@ -1418,7 +1406,7 @@ main(int ac, char **av)
unsetenv(SSH_AUTHSOCKET_ENV_NAME);
} else {
p = tilde_expand_filename(options.identity_agent,
- original_real_uid);
+ getuid());
cp = percent_expand(p,
"d", pw->pw_dir,
"h", host,
@@ -1986,8 +1974,7 @@ load_public_identity_files(struct passwd *pw)
options.identity_files[i] = NULL;
continue;
}
- cp = tilde_expand_filename(options.identity_files[i],
- original_real_uid);
+ cp = tilde_expand_filename(options.identity_files[i], getuid());
filename = percent_expand(cp, "d", pw->pw_dir,
"u", pw->pw_name, "l", thishost, "h", host,
"r", options.user, (char *)NULL);
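Review bot: `load_public_identity_files()` already receives `pw` and uses `pw->pw_dir` and `pw->pw_name` for the percent expansion on the lines that follow, yet the tilde expansion now takes its uid from a fresh `getuid()` call. Passing `pw->pw_uid`, as in `cp = tilde_expand_filename(options.identity_files[i], pw->pw_uid);`, would make both expansions of an identity path resolve against the same account record. The certificate-file loop in the next hunk has the same shape. This assumes `pw` is the copy of the `getpwuid(getuid())` result taken in main(), which is outside this hunk, so confirm that before changing it. The function body starts and ends outside the hunk.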
@@ -2038,7 +2025,7 @@ load_public_identity_files(struct passwd *pw)
fatal("%s: too many certificates", __func__);
for (i = 0; i < options.num_certificate_files; i++) {
cp = tilde_expand_filename(options.certificate_files[i],
- original_real_uid);
+ getuid());
filename = percent_expand(cp,
"d", pw->pw_dir,
"h", host,