upstream: Now that ssh can't be setuid, remove the
original_real_uid and original_effective_uid globals and replace with calls
to plain getuid(). ok djm@
OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c
diff --git a/readconf.c b/readconf.c
index d9b6e4c..4ab312f 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.296 2018/07/27 05:34:42 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -320,7 +320,6 @@
add_local_forward(Options *options, const struct Forward *newfwd)
{
struct Forward *fwd;
- extern uid_t original_real_uid;
int i;
/* Don't add duplicates */
@@ -480,7 +479,6 @@
char *shell;
pid_t pid;
int devnull, status;
- extern uid_t original_real_uid;
if ((shell = getenv("SHELL")) == NULL)
shell = _PATH_BSHELL;
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 78bb66b..744ecb4 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.54 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.55 2018/07/27 05:34:42 dtucker Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -62,11 +62,6 @@
extern char *__progname;
-/* XXX readconf.c needs these */
-uid_t original_real_uid;
-
-extern char *__progname;
-
static int
valid_request(struct passwd *pw, char *host, struct sshkey **ret,
u_char *data, size_t datalen)
@@ -201,8 +196,7 @@
key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
- original_real_uid = getuid(); /* XXX readconf.c needs this */
- if ((pw = getpwuid(original_real_uid)) == NULL)
+ if ((pw = getpwuid(getuid())) == NULL)
fatal("getpwuid failed");
pw = pwcopy(pw);
diff --git a/ssh.c b/ssh.c
index c08693d..ce62884 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.489 2018/07/25 13:10:56 beck Exp $ */
+/* $OpenBSD: ssh.c,v 1.490 2018/07/27 05:34:42 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -177,10 +177,6 @@
/* Private host keys. */
Sensitive sensitive_data;
-/* Original real UID. */
-uid_t original_real_uid;
-uid_t original_effective_uid;
-
/* command to be executed */
struct sshbuf *command;
@@ -223,7 +219,7 @@
char *cp;
for (i = 0; i < num_paths; i++) {
- cp = tilde_expand_filename(paths[i], original_real_uid);
+ cp = tilde_expand_filename(paths[i], getuid());
free(paths[i]);
paths[i] = cp;
}
@@ -620,17 +616,10 @@
*/
closefrom(STDERR_FILENO + 1);
- /*
- * Save the original real uid. It will be needed later (uid-swapping
- * may clobber the real uid).
- */
- original_real_uid = getuid();
- original_effective_uid = geteuid();
-
/* Get user data. */
- pw = getpwuid(original_real_uid);
+ pw = getpwuid(getuid());
if (!pw) {
- logit("No user exists for uid %lu", (u_long)original_real_uid);
+ logit("No user exists for uid %lu", (u_long)getuid());
exit(255);
}
/* Take a copy of the returned structure. */
@@ -773,7 +762,7 @@
options.gss_deleg_creds = 1;
break;
case 'i':
- p = tilde_expand_filename(optarg, original_real_uid);
+ p = tilde_expand_filename(optarg, getuid());
if (stat(p, &st) < 0)
fprintf(stderr, "Warning: Identity file %s "
"not accessible: %s.\n", p,
@@ -1321,8 +1310,7 @@
}
if (options.control_path != NULL) {
- cp = tilde_expand_filename(options.control_path,
- original_real_uid);
+ cp = tilde_expand_filename(options.control_path, getuid());
free(options.control_path);
options.control_path = percent_expand(cp,
"C", conn_hash_hex,
@@ -1450,7 +1438,7 @@
unsetenv(SSH_AUTHSOCKET_ENV_NAME);
} else {
p = tilde_expand_filename(options.identity_agent,
- original_real_uid);
+ getuid());
cp = percent_expand(p,
"d", pw->pw_dir,
"h", host,
@@ -2018,8 +2006,7 @@
options.identity_files[i] = NULL;
continue;
}
- cp = tilde_expand_filename(options.identity_files[i],
- original_real_uid);
+ cp = tilde_expand_filename(options.identity_files[i], getuid());
filename = percent_expand(cp, "d", pw->pw_dir,
"u", pw->pw_name, "l", thishost, "h", host,
"r", options.user, (char *)NULL);
@@ -2070,7 +2057,7 @@
fatal("%s: too many certificates", __func__);
for (i = 0; i < options.num_certificate_files; i++) {
cp = tilde_expand_filename(options.certificate_files[i],
- original_real_uid);
+ getuid());
filename = percent_expand(cp,
"d", pw->pw_dir,
"h", host,
diff --git a/sshconnect.c b/sshconnect.c
index 64250da..78813c1 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.303 2018/07/19 23:03:16 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.304 2018/07/27 05:34:42 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -80,8 +80,6 @@
/* import */
extern Options options;
extern char *__progname;
-extern uid_t original_real_uid;
-extern uid_t original_effective_uid;
static int show_other_keys(struct hostkeys *, struct sshkey *);
static void warn_changed_key(struct sshkey *);