version 1.489, 2018/07/25 13:10:56 |
version 1.490, 2018/07/27 05:34:42 |
|
|
/* Private host keys. */ |
/* Private host keys. */ |
Sensitive sensitive_data; |
Sensitive sensitive_data; |
|
|
/* Original real UID. */ |
|
uid_t original_real_uid; |
|
uid_t original_effective_uid; |
|
|
|
/* command to be executed */ |
/* command to be executed */ |
struct sshbuf *command; |
struct sshbuf *command; |
|
|
|
|
char *cp; |
char *cp; |
|
|
for (i = 0; i < num_paths; i++) { |
for (i = 0; i < num_paths; i++) { |
cp = tilde_expand_filename(paths[i], original_real_uid); |
cp = tilde_expand_filename(paths[i], getuid()); |
free(paths[i]); |
free(paths[i]); |
paths[i] = cp; |
paths[i] = cp; |
} |
} |
|
|
*/ |
*/ |
closefrom(STDERR_FILENO + 1); |
closefrom(STDERR_FILENO + 1); |
|
|
/* |
|
* Save the original real uid. It will be needed later (uid-swapping |
|
* may clobber the real uid). |
|
*/ |
|
original_real_uid = getuid(); |
|
original_effective_uid = geteuid(); |
|
|
|
if (getuid() != geteuid()) |
if (getuid() != geteuid()) |
fatal("ssh setuid not supported."); |
fatal("ssh setuid not supported."); |
if (getgid() != getegid()) |
if (getgid() != getegid()) |
fatal("ssh setgid not supported."); |
fatal("ssh setgid not supported."); |
|
|
/* Get user data. */ |
/* Get user data. */ |
pw = getpwuid(original_real_uid); |
pw = getpwuid(getuid()); |
if (!pw) { |
if (!pw) { |
logit("No user exists for uid %lu", (u_long)original_real_uid); |
logit("No user exists for uid %lu", (u_long)getuid()); |
exit(255); |
exit(255); |
} |
} |
/* Take a copy of the returned structure. */ |
/* Take a copy of the returned structure. */ |
|
|
options.gss_deleg_creds = 1; |
options.gss_deleg_creds = 1; |
break; |
break; |
case 'i': |
case 'i': |
p = tilde_expand_filename(optarg, original_real_uid); |
p = tilde_expand_filename(optarg, getuid()); |
if (stat(p, &st) < 0) |
if (stat(p, &st) < 0) |
fprintf(stderr, "Warning: Identity file %s " |
fprintf(stderr, "Warning: Identity file %s " |
"not accessible: %s.\n", p, |
"not accessible: %s.\n", p, |
|
|
} |
} |
|
|
if (options.control_path != NULL) { |
if (options.control_path != NULL) { |
cp = tilde_expand_filename(options.control_path, |
cp = tilde_expand_filename(options.control_path, getuid()); |
original_real_uid); |
|
free(options.control_path); |
free(options.control_path); |
options.control_path = percent_expand(cp, |
options.control_path = percent_expand(cp, |
"C", conn_hash_hex, |
"C", conn_hash_hex, |
|
|
unsetenv(SSH_AUTHSOCKET_ENV_NAME); |
unsetenv(SSH_AUTHSOCKET_ENV_NAME); |
} else { |
} else { |
p = tilde_expand_filename(options.identity_agent, |
p = tilde_expand_filename(options.identity_agent, |
original_real_uid); |
getuid()); |
cp = percent_expand(p, |
cp = percent_expand(p, |
"d", pw->pw_dir, |
"d", pw->pw_dir, |
"h", host, |
"h", host, |
|
|
options.identity_files[i] = NULL; |
options.identity_files[i] = NULL; |
continue; |
continue; |
} |
} |
cp = tilde_expand_filename(options.identity_files[i], |
cp = tilde_expand_filename(options.identity_files[i], getuid()); |
original_real_uid); |
|
filename = percent_expand(cp, "d", pw->pw_dir, |
filename = percent_expand(cp, "d", pw->pw_dir, |
"u", pw->pw_name, "l", thishost, "h", host, |
"u", pw->pw_name, "l", thishost, "h", host, |
"r", options.user, (char *)NULL); |
"r", options.user, (char *)NULL); |
|
|
fatal("%s: too many certificates", __func__); |
fatal("%s: too many certificates", __func__); |
for (i = 0; i < options.num_certificate_files; i++) { |
for (i = 0; i < options.num_certificate_files; i++) { |
cp = tilde_expand_filename(options.certificate_files[i], |
cp = tilde_expand_filename(options.certificate_files[i], |
original_real_uid); |
getuid()); |
filename = percent_expand(cp, |
filename = percent_expand(cp, |
"d", pw->pw_dir, |
"d", pw->pw_dir, |
"h", host, |
"h", host, |
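Review bot: The setuid/setgid guard in main() (`if (getuid() != geteuid()) fatal("ssh setuid not supported.");`) is now the only thing that makes the later bare `getuid()` calls safe, and no comment says so now that the "Save the original real uid" comment has gone with the cached globals. Assuming the second line of each pair is the 1.490 side, every `tilde_expand_filename()` call for identity files, certificate files, the control path and the identity agent reads the real uid at the point of use, so later code that changed the real uid would silently change whose home directory `~` resolves to. I would add a comment above the guard, for example `/* Path expansion below calls getuid() directly and relies on real == effective uid/gid for the whole process lifetime. */`. In the hunks where `pw->pw_dir` is already used next to the call (identity agent, identity files, certificate files), passing `pw->pw_uid` instead of `getuid()` would tie `~` expansion and `%d`/`%u` expansion to the same passwd entry. The enclosing functions start and end outside the visible hunks, so this should be checked against the full file.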