
Displaying 20 results from an estimated 32 matches for "original_real_uid".

2002 Jun 07
4
openssh for UWIN
...if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) return 0; *** readconf.c.orig Mon Feb 04 20:26:35 2002 --- readconf.c Thu May 30 16:55:00 2002 *************** *** 200,206 **** u_short host_port) { Forward *fwd; ! #ifndef HAVE_CYGWIN extern uid_t original_real_uid; if (port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); --- 200,206 ---- u_short host_port) { Forward *fwd; ! #if !defined(HAVE_CYGWIN) && !defined(_UWIN) extern uid_t original_real_uid; if...
2004 Oct 03
3
[PATCH] PreferAskpass in ssh_config
...6 +48,7 @@ #include "authfile.h" #include "pathnames.h" #include "misc.h" +#include "readconf.h" /* argv0 */ extern char *__progname; @@ -68,6 +69,11 @@ /* we keep a cache of one passphrases */ static char *pass = NULL; + +Options options; + +uid_t original_real_uid; + static void clear_pass(void) { @@ -311,12 +317,30 @@ AuthenticationConnection *ac = NULL; char *sc_reader_id = NULL; int i, ch, deleting = 0, ret = 0; + char buf[256]; + struct passwd *pw; __progname = ssh_get_progname(argv[0]); init_rng(); seed_rng(); SSLeay_add_all_algorit...
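Review bot: The file-scope `uid_t original_real_uid;` added in the `@@ -68,6 +69,11 @@` hunk is zero-initialised, and 0 is root's uid, so shared code that tests it (for example an `original_real_uid != 0` check) would treat the caller as root unless the variable is assigned first. No assignment is visible in the hunks shown; the `main()` hunk is cut off, so if it does not already do this, set `original_real_uid = getuid();` before any option parsing. The same bare definition is added in the `@@ -78,6 +81,13 @@` hunk of the "User-dependent IdentityFile" result that follows, and the same check applies there. A comment such as `/* defined here only because readconf.c references it; set from getuid() in main() */` would make the intent clear.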
2003 Jan 18
0
[Patch] User-dependent IdentityFile
...ot; +#include "tildexpand.h" #ifdef SMARTCARD #include "scard.h" @@ -78,6 +81,13 @@ char hostname[MAXHOSTNAMELEN]; +/* + * General data structure for command line options and options configurable + * in configuration files. See readconf.h. + */ +Options options; +uid_t original_real_uid; + static void ask_filename(struct passwd *pw, const char *prompt) { @@ -103,7 +113,28 @@ break; } - snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); + + if(options.num_identity_files > 0) { + char *file=NULL; + char *p=strrchr(name,'/&...
2002 Jul 04
1
[PATCH]: Remove HAVE_CYGWIN in favor of NO_IPPORT_RESERVED_CONCEPT
...n 1.75 diff -u -p -r1.75 readconf.c --- readconf.c 21 Jun 2002 00:41:52 -0000 1.75 +++ readconf.c 4 Jul 2002 09:13:31 -0000 @@ -199,7 +199,7 @@ add_local_forward(Options *options, u_sh u_short host_port) { Forward *fwd; -#ifndef HAVE_CYGWIN +#ifndef NO_IPPORT_RESERVED_CONCEPT extern uid_t original_real_uid; if (port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); Index: serverloop.c =================================================================== RCS file: /cvs/openssh_cvs/serverloop.c,v retrieving revision 1.102 diff...
2000 Nov 14
1
[PATCH] Added option 'RetryDelay'
...-new/ssh.c Tue Nov 14 07:59:56 2000 @@ -620,7 +620,7 @@ */ ok = ssh_connect(host, &hostaddr, options.port, - options.connection_attempts, + options.connection_attempts, options.retry_delay, !options.rhosts_authentication && !options.rhosts_rsa_authentication, original_real_uid, diff -u --recursive openssh-2.3.0p1/ssh.h openssh-2.3.0p1-new/ssh.h --- openssh-2.3.0p1/ssh.h Sat Oct 14 01:23:12 2000 +++ openssh-2.3.0p1-new/ssh.h Tue Nov 14 07:51:15 2000 @@ -321,11 +321,12 @@ * privileges if anonymous is false. Connection_attempts specifies the * maximum number of tries, o...
2000 Jun 06
0
connection timeout
...:54 2000 +++ openssh-2.1.0p3-new/ssh.c Mon Jun 5 19:12:59 2000 @@ -578,6 +578,7 @@ ok = ssh_connect(host, &hostaddr, options.port, options.connection_attempts, + options.connection_timeout, !options.rhosts_authentication && !options.rhosts_rsa_authentication, original_real_uid, diff -Naur openssh-2.1.0p3/ssh.h openssh-2.1.0p3-new/ssh.h --- openssh-2.1.0p3/ssh.h Wed May 17 05:34:24 2000 +++ openssh-2.1.0p3-new/ssh.h Mon Jun 5 19:13:55 2000 @@ -323,13 +323,14 @@ * is 0, the default port will be used. If anonymous is zero, a privileged * port will be allocated to make...
2002 Jan 27
0
IdentityFile patch
...ized_keys_file2(struct passwd *); diff -ur openssh-3.0.2p1/ssh.c openssh-3.0.2p1I/ssh.c --- openssh-3.0.2p1/ssh.c Sun Nov 11 16:52:04 2001 +++ openssh-3.0.2p1I/ssh.c Sun Jan 27 12:05:14 2002 @@ -1212,9 +1212,13 @@ key_free(public); } #endif /* SMARTCARD */ + struct passwd *pw; + pw=getpwuid(original_real_uid); + if (!pw) fatal("Unknown user id: %d", original_real_uid); for (; i < options.num_identity_files; i++) { filename = tilde_expand_filename(options.identity_files[i], original_real_uid); + filename = expand_filename(filename,pw); public = key_load_public(filename, NULL...
2002 Jan 27
1
[PATCH] Add user-dependent IdentityFile to OpenSSH-3.0.2p1
...ized_keys_file2(struct passwd *); diff -ur openssh-3.0.2p1/ssh.c openssh-3.0.2p1I/ssh.c --- openssh-3.0.2p1/ssh.c Sun Nov 11 16:52:04 2001 +++ openssh-3.0.2p1I/ssh.c Sun Jan 27 12:05:14 2002 @@ -1212,9 +1212,13 @@ key_free(public); } #endif /* SMARTCARD */ + struct passwd *pw; + pw=getpwuid(original_real_uid); + if (!pw) fatal("Unknown user id: %d", original_real_uid); for (; i < options.num_identity_files; i++) { filename = tilde_expand_filename(options.identity_files[i], original_real_uid); + filename = expand_filename(filename,pw); public = key_load_public(filename, NULL...
2001 Apr 04
1
compiler warnings about format strings
...t pid %d;\n", pid); + printf("echo Agent pid %ld;\n", (long)pid); exit(0); } if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 || Index: sshconnect.c @@ -748,7 +748,7 @@ /* Get local user name. Use it as server user if no user name was given. */ pw = getpwuid(original_real_uid); if (!pw) - fatal("User id %u not found from user database.", original_real_uid); + fatal("User id %lu not found from user database.", (long)original_real_uid); local_user = xstrdup(pw->pw_name); server_user = options.user ? options.user : local_user; Index: sshd.c...
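Review bot: In the sshconnect.c hunk (`@@ -748,7 +748,7 @@`) the new `fatal()` call pairs `%lu` with a `(long)` cast, so the conversion specifier is unsigned while the argument is signed. Cast to match the specifier: `fatal("User id %lu not found from user database.", (unsigned long)original_real_uid);`. The ssh-agent change just before it uses `%ld` with `(long)pid`, which is consistent; only this line mixes the two.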
2005 Nov 02
1
No subject
Hello, I've noticed that ssh always opens /etc/passwd on my Linux box before parsing command line options, and so the file is opened even if the user is afterward presented with the usage and the program ends. So, this snippet in OpenSSH-4.2p1, ssh.c: 219 /* Get user data. */ pw = getpwuid(original_real_uid); if (!pw) { logit("You don't exist, go away!"); exit(1); } /* Take a copy of the returned structure. */ pw = pwcopy(pw); should probably be moved after options scanning, for example at ssh: 515, after: /* Check that we got a host name. */ if (!host) usage();...
2007 Oct 17
2
[patch] ssh.c load_public_identity_files calls getpwuid twice without copy
...ould seem it should be fatal elsewhere, too). Please CC me in replies; I'm not a subscriber. --- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700 +++ openssh-4.4p1-fix/ssh.c 2007-10-17 10:23:07.000000000 -0700 @@ -1252,6 +1252,7 @@ #endif /* SMARTCARD */ if ((pw = getpwuid(original_real_uid)) == NULL) fatal("load_public_identity_files: getpwuid failed"); + pw = pwcopy(pw); if (gethostname(thishost, sizeof(thishost)) == -1) fatal("load_public_identity_files: gethostname: %s", strerror(errno)); -- T...
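Review bot: The copy made by the added `pw = pwcopy(pw);` has no release visible in this hunk, so unless the rest of load_public_identity_files frees it, every call leaves the duplicated passwd entry allocated. The function starts and ends outside the hunk, so this needs checking against the full body. Where the copy is released, its string fields should be cleared before freeing, since they presumably include the password field of the entry. A comment above the new line, e.g. `/* getpwuid() returns static storage; copy it before any later lookup can overwrite it */`, would record why the copy is needed.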
2011 May 03
0
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv
...-167,6 +167,9 @@ main(int argc, char **argv) key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); + if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 || + fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0) + fatal("fcntl failed"); original_real_uid = getuid(); /* XXX readconf.c needs this */ if ((pw = getpwuid(original_real_uid)) == NULL)
2011 May 03
1
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv
...-167,6 +167,9 @@ main(int argc, char **argv) key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); + if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 || + fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0) + fatal("fcntl failed"); original_real_uid = getuid(); /* XXX readconf.c needs this */ if ((pw = getpwuid(original_real_uid)) == NULL)
2000 Sep 12
0
OpenSSH 2.2.0p1 port to QNX 4
...) + { + return(0); + } + + #endif /* __QNX__ && !__QNXNTO__ */ diff -cr openssh-2.2.0p1.orig/ssh.c openssh-2.2.0p1.qnx/ssh.c *** openssh-2.2.0p1.orig/ssh.c Tue Aug 29 02:33:51 2000 --- openssh-2.2.0p1.qnx/ssh.c Tue Sep 12 10:30:53 2000 *************** *** 215,220 **** --- 215,221 ---- original_real_uid = getuid(); original_effective_uid = geteuid(); + #if !defined(__QNX__) || defined(__QNXNTO__) /* If we are installed setuid root be careful to not drop core. */ if (original_real_uid != original_effective_uid) { struct rlimit rlim; *************** *** 222,227 **** --- 223,229 ----...
1999 Dec 10
2
[David Huggins-Daines <dhd@plcom.on.ca>] Bug#52414: ssh-add uses ssh-askpass, but ssh doesn't
...- void add_file(AuthenticationConnection *ac, const char *filename) { diff -ur openssh-1.2pre16/ssh.c openssh-1.2pre16.patched/ssh.c --- openssh-1.2pre16/ssh.c Thu Dec 9 22:29:24 1999 +++ openssh-1.2pre16.patched/ssh.c Thu Dec 9 23:03:19 1999 @@ -81,6 +81,9 @@ /* Original real UID. */ uid_t original_real_uid; +/* Flag indicating whether we should try to use ssh-askpass or not */ +int use_askpass = 0; + /* Prints a help message to the user. This function never returns. */ void @@ -430,10 +433,20 @@ /* Do not allocate a tty if stdin is not a tty. */ if (!isatty(fileno(stdin))) { + FILE *dum...
2000 Jan 19
3
AIX openssh patches
...); + #endif /* SOCKS */ + /* Initialize option structure to indicate that no values have been set. */ initialize_options(&options); *** sshconnect.c.DIST Tue Jan 11 09:54:21 2000 --- sshconnect.c Wed Jan 19 11:03:46 2000 *************** *** 142,172 **** int ssh_create_socket(uid_t original_real_uid, int privileged) { ! int sock; ! /* ! * If we are running as root and want to connect to a privileged ! * port, bind our own socket to a privileged port. ! */ ! if (privileged) { ! int p = IPPORT_RESERVED - 1; ! sock = rresvport(&p); ! if (sock < 0) ! fatal("rr...
2004 Aug 26
2
OpenSSH PATCH: OpenCommand and CloseCommand
...nd string. */ + command_string = buffer_ptr(&command); + + debug("Executing %s command: %.500s", type, command_string); + + /* Fork and execute the proxy command. */ + if ((pid = fork()) == 0) { + char *argv[10]; + + /* Child. Permanently give up superuser privileges. */ + seteuid(original_real_uid); + setuid(original_real_uid); + + argv[0] = _PATH_BSHELL; + argv[1] = "-c"; + argv[2] = command_string; + argv[3] = NULL; + + execv(argv[0], argv); + perror(argv[0]); + exit(1); + } + /* Parent. */ + if (pid < 0) + fatal("fork failed: %.100s", strerror(errno)); + el...
2001 Apr 12
1
ssh not using priv port if target prot not priv
...debug("Allocated local port %d.", p); } else { /* * Just create an ordinary socket on arbitrary port. We use * the user's uid to create the socket. */ temporarily_use_uid(original_real_uid); sock = socket(family, SOCK_STREAM, 0); if (sock < 0) error("socket: %.100s", strerror(errno)); restore_uid(); } It would make more sense to me that "useprivilegedport=yes" would result in the u...
2010 Jul 07
0
ssh client and privileged ports
Hello, The ssh client checks for privileged ports when a local forward is about to be set. This is done in readconf.c's function "add_local_forward": if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); The constant IPPORT_RESERVED is system wide and fixed at make time. This test is not compatible with local and dynamic strategies such as authbind. I would like a non-privileged user (uid!=0) to be able to forward lo...
2013 Jul 04
5
[Bug 2125] New: Error message "You don't exist, go away!"
...Assignee: unassigned-bugs at mindrot.org Reporter: bugmenot at mailinator.com I had this reported by a user today and wasn't able to debug it at all, until I searched for the error message in the OpenSSH sources and found in ssh.c: /* Get user data. */ pw = getpwuid(original_real_uid); if (!pw) { logit("You don't exist, go away!"); exit(255); } From the user and support perspective, this message ("go away", implying that there is a "here" and a "there", which is where the server kin...