Mercurial > dropbear
comparison svr-chansession.c @ 219:654bc8327787
merge of 9522146cb07d4576f161fc4567c2c2fbd6f61fbb
and b11630c15bc4d0649dba51c3572cac6f44e0ab0e
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 08 Jul 2005 13:28:03 +0000 |
| parents | 1a52846ec11f |
| children | c5d3ef11155f |
comparison
equal
deleted
inserted
replaced
| 218:3ee0c2f85e1e | 219:654bc8327787 |
|---|---|
| 303 struct ChanSess *chansess; | 303 struct ChanSess *chansess; |
| 304 | 304 |
| 305 TRACE(("enter chansessionrequest")) | 305 TRACE(("enter chansessionrequest")) |
| 306 | 306 |
| 307 type = buf_getstring(ses.payload, &typelen); | 307 type = buf_getstring(ses.payload, &typelen); |
| 308 wantreply = buf_getbyte(ses.payload); | 308 wantreply = buf_getbool(ses.payload); |
| 309 | 309 |
| 310 if (typelen > MAX_NAME_LEN) { | 310 if (typelen > MAX_NAME_LEN) { |
| 311 TRACE(("leave chansessionrequest: type too long")) /* XXX send error?*/ | 311 TRACE(("leave chansessionrequest: type too long")) /* XXX send error?*/ |
| 312 goto out; | 312 goto out; |
| 313 } | 313 } |
| 835 /* overwrite the prng state */ | 835 /* overwrite the prng state */ |
| 836 seedrandom(); | 836 seedrandom(); |
| 837 | 837 |
| 838 /* close file descriptors except stdin/stdout/stderr | 838 /* close file descriptors except stdin/stdout/stderr |
| 839 * Need to be sure FDs are closed here to avoid reading files as root */ | 839 * Need to be sure FDs are closed here to avoid reading files as root */ |
| 840 for (i = 3; i < (unsigned int)ses.maxfd; i++) { | 840 for (i = 3; i <= (unsigned int)ses.maxfd; i++) { |
| 841 if (m_close(i) == DROPBEAR_FAILURE) { | 841 if (m_close(i) == DROPBEAR_FAILURE) { |
| 842 dropbear_exit("Error closing file desc"); | 842 dropbear_exit("Error closing file desc"); |
| 843 } | 843 } |
| 844 } | 844 } |
| 845 | 845 |
| 860 /* We can only change uid/gid as root ... */ | 860 /* We can only change uid/gid as root ... */ |
| 861 if (getuid() == 0) { | 861 if (getuid() == 0) { |
| 862 | 862 |
| 863 if ((setgid(ses.authstate.pw->pw_gid) < 0) || | 863 if ((setgid(ses.authstate.pw->pw_gid) < 0) || |
| 864 (initgroups(ses.authstate.pw->pw_name, | 864 (initgroups(ses.authstate.pw->pw_name, |
| 865 ses.authstate.pw->pw_gid) < 0) || | 865 ses.authstate.pw->pw_gid) < 0)) { |
| 866 (setuid(ses.authstate.pw->pw_uid) < 0)) { | 866 dropbear_exit("error changing user group"); |
| 867 } | |
| 868 if (setuid(ses.authstate.pw->pw_uid) < 0) { | |
| 867 dropbear_exit("error changing user"); | 869 dropbear_exit("error changing user"); |
| 868 } | 870 } |
| 869 } else { | 871 } else { |
| 870 /* ... but if the daemon is the same uid as the requested uid, we don't | 872 /* ... but if the daemon is the same uid as the requested uid, we don't |
| 871 * need to */ | 873 * need to */ |