- djm@cvs.openbsd.org 2006/03/25 01:13:23

[openssh.git] / ssh-keysign.c

diff --git a/ssh-keysign.c b/ssh-keysign.c
index 1b1149aad3eb54af98cb819a5f7fbf29e2895cbc..a96babfa5f6228f70c3dc0a0e6131e6894ff0e97 100644 (file)
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,10 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.17 2004/08/23 14:26:38 dtucker Exp $");
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -148,10 +151,18 @@ main(int argc, char **argv)
        u_int slen, dlen;
        u_int32_t rnd[256];
 
+       /* Ensure that stdin and stdout are connected */
+       if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
+               exit(1);
+       /* Leave /dev/null fd iff it is attached to stderr */
+       if (fd > 2)
+               close(fd);
+
        key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
        key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
 
-       if ((pw = getpwuid(getuid())) == NULL)
+       original_real_uid = getuid();   /* XXX readconf.c needs this */
+       if ((pw = getpwuid(original_real_uid)) == NULL)
                fatal("getpwuid failed");
        pw = pwcopy(pw);
 
@@ -166,7 +177,6 @@ main(int argc, char **argv)
 #endif
 
        /* verify that ssh-keysign is enabled by the admin */
-       original_real_uid = getuid();   /* XXX readconf.c needs this */
        initialize_options(&options);
        (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
        fill_default_options(&options);