version 1.486, 2018/07/16 22:25:01 |
version 1.487, 2018/07/18 11:34:04 |
|
|
#include "sshpty.h" |
#include "sshpty.h" |
#include "match.h" |
#include "match.h" |
#include "msg.h" |
#include "msg.h" |
#include "uidswap.h" |
|
#include "version.h" |
#include "version.h" |
#include "ssherr.h" |
#include "ssherr.h" |
#include "myproposal.h" |
#include "myproposal.h" |
|
|
original_real_uid = getuid(); |
original_real_uid = getuid(); |
original_effective_uid = geteuid(); |
original_effective_uid = geteuid(); |
|
|
/* |
if (getuid() != geteuid()) |
* Use uid-swapping to give up root privileges for the duration of |
fatal("ssh setuid not supported."); |
* option processing. We will re-instantiate the rights when we are |
if (getgid() != getegid()) |
* ready to create the privileged port, and will permanently drop |
fatal("ssh setgid not supported."); |
* them when the port has been created (actually, when the connection |
|
* has been made, as we may need to create the port several times). |
|
*/ |
|
PRIV_END; |
|
|
|
/* If we are installed setuid root be careful to not drop core. */ |
|
if (original_real_uid != original_effective_uid) { |
|
struct rlimit rlim; |
|
rlim.rlim_cur = rlim.rlim_max = 0; |
|
if (setrlimit(RLIMIT_CORE, &rlim) < 0) |
|
fatal("setrlimit failed: %.100s", strerror(errno)); |
|
} |
|
/* Get user data. */ |
/* Get user data. */ |
pw = getpwuid(original_real_uid); |
pw = getpwuid(original_real_uid); |
if (!pw) { |
if (!pw) { |
|
|
L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); |
L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); |
} |
} |
} |
} |
/* |
|
* Get rid of any extra privileges that we may have. We will no |
|
* longer need them. Also, extra privileges could make it very hard |
|
* to read identity files and other non-world-readable files from the |
|
* user's home directory if it happens to be on a NFS volume where |
|
* root is mapped to nobody. |
|
*/ |
|
if (original_effective_uid == 0) { |
|
PRIV_START; |
|
permanently_set_uid(pw); |
|
} |
|
|
|
/* |
/* Create ~/.ssh * directory if it doesn't already exist. */ |
* Now that we are back to our own permissions, create ~/.ssh |
|
* directory if it doesn't already exist. |
|
*/ |
|
if (config == NULL) { |
if (config == NULL) { |
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, |
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, |
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); |
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); |
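Review bot: In the second hunk the new refusal checks `if (getuid() != geteuid())` and `if (getgid() != getegid())` call the id functions again right after `original_real_uid` and `original_effective_uid` were stored. With the core-dump block and the `permanently_set_uid(pw)` block removed, no visible use of `original_effective_uid` remains, so if nothing outside these hunks reads it, it should be dropped rather than kept as dead state. The guard compares only real and effective ids, so it presumably does not notice privilege that arrives another way, such as ids equalised by a wrapper before exec or file capabilities where the platform has them. A short comment above the checks would record the intent, for example `/* setuid/setgid operation is no longer supported; refuse early instead of running with mixed ids. */`. Which side each line belongs to is inferred from the version header because the page has lost its +/- markers, and the enclosing function starts and ends outside the hunks.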