Ports: Remove dropbear patch that removed calls to seteuid()
This is no longer necessary now that seteuid() / setegid() is implemented.
This commit is contained in:
parent
748ac5e01b
commit
e34299a136
Notes:
sideshowbarker
2024-07-19 05:32:43 +09:00
Author: https://github.com/nico Commit: https://github.com/SerenityOS/serenity/commit/e34299a1362 Pull-request: https://github.com/SerenityOS/serenity/pull/2588
1 changed files with 0 additions and 96 deletions
|
@ -1,96 +0,0 @@
|
||||||
Dropbear temporarily drops privilliges to make sure the user has access
|
|
||||||
to do various actions (e.g access its authorized_keys file).
|
|
||||||
Serenity doesn't implement seteuid/setegid, so we can't drop privilliges and
|
|
||||||
regain them this way (at least, not that I know it's possible).
|
|
||||||
--- a/svr-authpubkey.c.orig
|
|
||||||
+++ b/svr-authpubkey.c
|
|
||||||
@@ -347,25 +347,8 @@
|
|
||||||
snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
|
|
||||||
ses.authstate.pw_dir);
|
|
||||||
|
|
||||||
-#if DROPBEAR_SVR_MULTIUSER
|
|
||||||
- /* open the file as the authenticating user. */
|
|
||||||
- origuid = getuid();
|
|
||||||
- origgid = getgid();
|
|
||||||
- if ((setegid(ses.authstate.pw_gid)) < 0 ||
|
|
||||||
- (seteuid(ses.authstate.pw_uid)) < 0) {
|
|
||||||
- dropbear_exit("Failed to set euid");
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
authfile = fopen(filename, "r");
|
|
||||||
|
|
||||||
-#if DROPBEAR_SVR_MULTIUSER
|
|
||||||
- if ((seteuid(origuid)) < 0 ||
|
|
||||||
- (setegid(origgid)) < 0) {
|
|
||||||
- dropbear_exit("Failed to revert euid");
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
if (authfile == NULL) {
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
--- a/svr-agentfwd.c.orig
|
|
||||||
+++ b/svr-agentfwd.c
|
|
||||||
@@ -151,17 +151,6 @@
|
|
||||||
|
|
||||||
if (chansess->agentfile != NULL && chansess->agentdir != NULL) {
|
|
||||||
|
|
||||||
-#if DROPBEAR_SVR_MULTIUSER
|
|
||||||
- /* Remove the dir as the user. That way they can't cause problems except
|
|
||||||
- * for themselves */
|
|
||||||
- uid = getuid();
|
|
||||||
- gid = getgid();
|
|
||||||
- if ((setegid(ses.authstate.pw_gid)) < 0 ||
|
|
||||||
- (seteuid(ses.authstate.pw_uid)) < 0) {
|
|
||||||
- dropbear_exit("Failed to set euid");
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
/* 2 for "/" and "\0" */
|
|
||||||
len = strlen(chansess->agentdir) + strlen(chansess->agentfile) + 2;
|
|
||||||
|
|
||||||
@@ -172,13 +161,6 @@
|
|
||||||
|
|
||||||
rmdir(chansess->agentdir);
|
|
||||||
|
|
||||||
-#if DROPBEAR_SVR_MULTIUSER
|
|
||||||
- if ((seteuid(uid)) < 0 ||
|
|
||||||
- (setegid(gid)) < 0) {
|
|
||||||
- dropbear_exit("Failed to revert euid");
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
m_free(chansess->agentfile);
|
|
||||||
m_free(chansess->agentdir);
|
|
||||||
}
|
|
||||||
@@ -220,16 +202,6 @@
|
|
||||||
gid_t gid;
|
|
||||||
int ret = DROPBEAR_FAILURE;
|
|
||||||
|
|
||||||
-#if DROPBEAR_SVR_MULTIUSER
|
|
||||||
- /* drop to user privs to make the dir/file */
|
|
||||||
- uid = getuid();
|
|
||||||
- gid = getgid();
|
|
||||||
- if ((setegid(ses.authstate.pw_gid)) < 0 ||
|
|
||||||
- (seteuid(ses.authstate.pw_uid)) < 0) {
|
|
||||||
- dropbear_exit("Failed to set euid");
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
memset((void*)&addr, 0x0, sizeof(addr));
|
|
||||||
addr.sun_family = AF_UNIX;
|
|
||||||
|
|
||||||
@@ -268,12 +240,6 @@
|
|
||||||
|
|
||||||
|
|
||||||
out:
|
|
||||||
-#if DROPBEAR_SVR_MULTIUSER
|
|
||||||
- if ((seteuid(uid)) < 0 ||
|
|
||||||
- (setegid(gid)) < 0) {
|
|
||||||
- dropbear_exit("Failed to revert euid");
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue