Check seteuid return values in all cases

openssh.spec

@@ -115,7 +115,8 @@ Patch201: openssh-7.1p2-audit-race-condition.patch
 # make it build reusing the openssh sources
 Patch300: pam_ssh_agent_auth-0.9.3-build.patch
 # check return value of seteuid()
-Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch
+# https://sourceforge.net/p/pamsshagentauth/bugs/23/
+Patch301: pam_ssh_agent_auth-0.10.3-seteuid.patch
 # explicitly make pam callbacks visible
 Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
 # update to current version of agent structure
@@ -403,7 +404,7 @@ The module is most useful for su and sudo service stacks.
 %if %{pam_ssh_agent}
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 %patch300 -p2 -b .psaa-build
-%patch301 -p1 -b .psaa-seteuid
+%patch301 -p2 -b .psaa-seteuid
 %patch302 -p2 -b .psaa-visibility
 %patch306 -p2 -b .psaa-compat
 %patch305 -p2 -b .psaa-agent

pam_ssh_agent_auth-0.10.3-seteuid.patch

@@ -0,0 +1,37 @@
+diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-seteuid openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
+--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-seteuid	2017-02-07 15:41:53.172334151 +0100
++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2017-02-07 15:41:53.174334149 +0100
+@@ -238,17 +238,26 @@ ssh_get_authentication_socket_for_uid(ui
+ 	}
+ 
+ 	errno = 0; 
+-	seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
+-	             above, we will temporarily drop UID to the caller */
+-	if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
++	/* To ensure a race condition is not used to circumvent the stat
++	   above, we will temporarily drop UID to the caller */
++	if (seteuid(uid) == -1) {
+ 		close(sock);
+-        if(errno == EACCES)
+-		fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
++		error("seteuid(%lu) failed with error: %s",
++		    (unsigned long) uid, strerror(errno));
+ 		return -1;
+ 	}
++	if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
++		close(sock);
++		sock = -1;
++		if(errno == EACCES)
++			fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
++	}
+ 
+-	seteuid(0); /* we now continue the regularly scheduled programming */
+-
++	/* we now continue the regularly scheduled programming */
++	if (0 != seteuid(0)) {
++		fatal("setuid(0) failed with error: %s", strerror(errno));
++		return -1;
++	}
+ 	return sock;
+ }
+ 

pam_ssh_agent_auth-0.9.2-seteuid.patch

@@ -1,27 +0,0 @@
-diff -up pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c
---- pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid	2010-09-08 08:54:29.000000000 +0200
-+++ pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c	2010-11-22 08:38:05.000000000 +0100
-@@ -131,13 +131,18 @@ ssh_get_authentication_socket_for_uid(ui
- 	}
- 
- 	errno = 0; 
--	seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
--	             above, we will temporarily drop UID to the caller */
-+	/* To ensure a race condition is not used to circumvent the stat
-+	   above, we will temporarily drop UID to the caller */
-+	if (seteuid(uid) == -1) {
-+		close(sock);
-+		error("seteuid(%lu) failed", (unsigned long) uid);
-+		return -1;
-+	}
- 	if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
- 		close(sock);
--        if(errno == EACCES)
--		fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
--		return -1;
-+		sock = -1;
-+		if(errno == EACCES)
-+			fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
- 	}
- 
- 	seteuid(0); /* we now continue the regularly scheduled programming */