RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2002/06/11 04:14:26 

[ssh.c sshconnect.c sshconnect.h]
     no longer use uidswap.[ch] from the ssh client
     run less code with euid==0 if ssh is installed setuid root
     just switch the euid, don't switch the complete set of groups
     (this is only needed by sshd). ok provos@
This commit is contained in:
Ben Lindstrom 2002-06-11 16:37:51 +00:00
parent 8bb6f36c8f
commit f9c4884c8e
4 changed files with 51 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -29,6 +29,12 @@
[channels.c channels.h session.c]
move creation of agent socket to session.c; no need for uidswapping
in channel.c.
- markus@cvs.openbsd.org 2002/06/11 04:14:26
[ssh.c sshconnect.c sshconnect.h]
no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@
20020609
- (bal) OpenBSD CVS Sync
@ -894,4 +900,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2207 2002/06/11 15:59:02 mouring Exp $
$Id: ChangeLog,v 1.2208 2002/06/11 16:37:51 mouring Exp $

20
ssh.c
View File

@ -40,7 +40,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
RCSID("$OpenBSD: ssh.c,v 1.177 2002/06/11 04:14:26 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@ -53,7 +53,6 @@ RCSID("$OpenBSD: ssh.c,v 1.176 2002/06/08 05:17:01 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
#include "uidswap.h"
#include "channels.h"
#include "key.h"
#include "authfd.h"
@ -136,6 +135,7 @@ Sensitive sensitive_data;
/* Original real UID. */
uid_t original_real_uid;
uid_t original_effective_uid;
/* command to be executed */
Buffer command;
@ -217,7 +217,6 @@ main(int ac, char **av)
struct stat st;
struct passwd *pw;
int dummy;
uid_t original_effective_uid;
extern int optind, optreset;
extern char *optarg;
@ -256,7 +255,7 @@ main(int ac, char **av)
* them when the port has been created (actually, when the connection
* has been made, as we may need to create the port several times).
*/
temporarily_use_uid(pw);
PRIV_END;
/*
* Set our umask to something reasonable, as some files are created
@ -612,15 +611,12 @@ again:
"originating port will not be trusted.");
options.rhosts_authentication = 0;
}
/* Restore our superuser privileges. */
restore_uid();
/* Open a connection to the remote host. */
cerr = ssh_connect(host, &hostaddr, options.port, IPv4or6,
options.connection_attempts,
original_effective_uid != 0 || !options.use_privileged_port,
pw, options.proxy_command);
original_effective_uid == 0 && options.use_privileged_port,
options.proxy_command);
/*
* If we successfully made the connection, load the host private key
@ -637,12 +633,15 @@ again:
options.hostbased_authentication)) {
sensitive_data.nkeys = 3;
sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key));
PRIV_START;
sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
_PATH_HOST_KEY_FILE, "", NULL);
sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
_PATH_HOST_DSA_KEY_FILE, "", NULL);
sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL);
PRIV_END;
if (sensitive_data.keys[0] == NULL &&
sensitive_data.keys[1] == NULL &&
@ -661,7 +660,8 @@ again:
* user's home directory if it happens to be on a NFS volume where
* root is mapped to nobody.
*/
permanently_set_uid(pw);
seteuid(original_real_uid);
setuid(original_real_uid);
/*
* Now that we are back to our own permissions, create ~/.ssh

47
sshconnect.c
View File

@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.123 2002/06/09 22:17:21 itojun Exp $");
RCSID("$OpenBSD: sshconnect.c,v 1.124 2002/06/11 04:14:26 markus Exp $");
#include <openssl/bn.h>
@ -36,8 +36,11 @@ RCSID("$OpenBSD: sshconnect.c,v 1.123 2002/06/09 22:17:21 itojun Exp $");
char *client_version_string = NULL;
char *server_version_string = NULL;
/* import */
extern Options options;
extern char *__progname;
extern uid_t original_real_uid;
extern uid_t original_effective_uid;
#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */
#define INET6_ADDRSTRLEN 46
@ -58,8 +61,7 @@ sockaddr_ntop(struct sockaddr *sa, socklen_t salen)
* Connect to the given ssh server using a proxy command.
*/
static int
ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
const char *proxy_command)
ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
{
Buffer command;
const char *cp;
@ -109,7 +111,8 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
char *argv[10];
/* Child. Permanently give up superuser privileges. */
permanently_set_uid(pw);
seteuid(original_real_uid);
setuid(original_real_uid);
/* Redirect stdin and stdout. */
close(pin[1]);
@ -159,7 +162,7 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
* Creates a (possibly privileged) socket for use as the ssh connection.
*/
static int
ssh_create_socket(struct passwd *pw, int privileged, int family)
ssh_create_socket(int privileged, int family)
{
int sock, gaierr;
struct addrinfo hints, *res;
@ -170,22 +173,18 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
*/
if (privileged) {
int p = IPPORT_RESERVED - 1;
PRIV_START;
sock = rresvport_af(&p, family);
PRIV_END;
if (sock < 0)
error("rresvport: af=%d %.100s", family, strerror(errno));
else
debug("Allocated local port %d.", p);
return sock;
}
/*
* Just create an ordinary socket on arbitrary port. We use
* the user's uid to create the socket.
*/
temporarily_use_uid(pw);
sock = socket(family, SOCK_STREAM, 0);
if (sock < 0)
error("socket: %.100s", strerror(errno));
restore_uid();
/* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL)
@ -215,9 +214,9 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
/*
* Opens a TCP/IP connection to the remote server on the given host.
* The address of the remote host will be returned in hostaddr.
* If port is 0, the default port will be used. If anonymous is zero,
* If port is 0, the default port will be used. If needpriv is true,
* a privileged port will be allocated to make the connection.
* This requires super-user privileges if anonymous is false.
* This requires super-user privileges if needpriv is true.
* Connection_attempts specifies the maximum number of tries (one per
* second). If proxy_command is non-NULL, it specifies the command (with %h
* and %p substituted for host and port, respectively) to use to contact
@ -232,7 +231,7 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
int
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
u_short port, int family, int connection_attempts,
int anonymous, struct passwd *pw, const char *proxy_command)
int needpriv, const char *proxy_command)
{
int gaierr;
int on = 1;
@ -248,8 +247,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
*/
int full_failure = 1;
debug("ssh_connect: getuid %u geteuid %u anon %d",
(u_int) getuid(), (u_int) geteuid(), anonymous);
debug("ssh_connect: needpriv %d", needpriv);
/* Get default port if port has not been set. */
if (port == 0) {
@ -261,7 +259,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
}
/* If a proxy command is given, connect using it. */
if (proxy_command != NULL)
return ssh_proxy_connect(host, port, pw, proxy_command);
return ssh_proxy_connect(host, port, proxy_command);
/* No proxy command. */
@ -297,26 +295,14 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
host, ntop, strport);
/* Create a socket for connecting. */
sock = ssh_create_socket(pw,
#ifdef HAVE_CYGWIN
!anonymous,
#else
!anonymous && geteuid() == 0,
#endif
ai->ai_family);
sock = ssh_create_socket(needpriv, ai->ai_family);
if (sock < 0)
/* Any error is already output */
continue;
/* Connect to the host. We use the user's uid in the
* hope that it will help with tcp_wrappers showing
* the remote uid as root.
*/
temporarily_use_uid(pw);
if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
/* Successful connection. */
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
restore_uid();
break;
} else {
if (errno == ECONNREFUSED)
@ -324,7 +310,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
log("ssh: connect to address %s port %s: %s",
sockaddr_ntop(ai->ai_addr, ai->ai_addrlen),
strport, strerror(errno));
restore_uid();
/*
* Close the failed socket; there appear to
* be some problems when reusing a socket for

20
sshconnect.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.h,v 1.15 2002/06/09 13:32:01 markus Exp $ */
/* $OpenBSD: sshconnect.h,v 1.16 2002/06/11 04:14:26 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -35,7 +35,7 @@ struct Sensitive {
int
ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
int, struct passwd *, const char *);
int, const char *);
void
ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *);
@ -50,4 +50,20 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *);
void ssh_put_password(char *);
/*
* Macros to raise/lower permissions.
*/
#define PRIV_START do { \
int save_errno = errno; \
(void)seteuid(original_effective_uid); \
errno = save_errno; \
} while (0)
#define PRIV_END do { \
int save_errno = errno; \
(void)seteuid(original_real_uid); \
errno = save_errno; \
} while (0)
#endif