tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (bal) Allow sshd to switch user context without password for Cygwin. 

Patch by Corinna Vinschen <vinschen@redhat.com>
This commit is contained in:
Ben Lindstrom 2001-07-18 16:19:48 +00:00
parent 0dd676a26b
commit cff94beb65
2 changed files with 38 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -20,6 +20,8 @@
keep track of both maxfd and the size of the malloc'ed fdsets. keep track of both maxfd and the size of the malloc'ed fdsets.
update maxfd if maxfd gets closed. update maxfd if maxfd gets closed.
- (bal) Cleaned up trailing spaces in ChangeLog. - (bal) Cleaned up trailing spaces in ChangeLog.
- (bal) Allow sshd to switch user context without password for Cygwin.
Patch by Corinna Vinschen <vinschen@redhat.com>
20010715 20010715
- (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by - (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by
@ -6059,4 +6061,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1410 2001/07/18 16:05:50 mouring Exp $ $Id: ChangeLog,v 1.1411 2001/07/18 16:19:48 mouring Exp $

47
openbsd-compat/bsd-cygwin_util.c
View File

@ -15,16 +15,20 @@
#include "includes.h" #include "includes.h"
RCSID("$Id: bsd-cygwin_util.c,v 1.4 2001/04/13 14:28:42 djm Exp $"); RCSID("$Id: bsd-cygwin_util.c,v 1.5 2001/07/18 16:19:49 mouring Exp $");
#ifdef HAVE_CYGWIN #ifdef HAVE_CYGWIN
#include <fcntl.h> #include <fcntl.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/utsname.h>
#include <sys/vfs.h> #include <sys/vfs.h>
#include <windows.h> #include <windows.h>
#define is_winnt (GetVersion() < 0x80000000) #define is_winnt (GetVersion() < 0x80000000)
#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
#if defined(open) && open == binary_open #if defined(open) && open == binary_open
# undef open # undef open
#endif #endif
@ -61,12 +65,34 @@ int check_nt_auth(int pwd_authenticated, uid_t uid)
* context on NT systems is the password authentication. So * context on NT systems is the password authentication. So
* we deny all requsts for changing the user context if another * we deny all requsts for changing the user context if another
* authentication method is used. * authentication method is used.
* This may change in future when a special openssh *
* subauthentication package is available. * This doesn't apply to Cygwin versions >= 1.3.2 anymore which
* uses the undocumented NtCreateToken() call to create a user
* token if the process has the appropriate privileges and if
* CYGWIN ntsec setting is on.
*/ */
if (is_winnt && !pwd_authenticated && geteuid() != uid) static int has_create_token = -1;
return 0;
if (is_winnt) {
if (has_create_token < 0) {
struct utsname uts;
int major_high = 0, major_low = 0, minor = 0;
char *cygwin = getenv("CYGWIN");
has_create_token = 0;
if (ntsec_on(cygwin) && !uname(&uts)) {
sscanf(uts.release, "%d.%d.%d",
&major_high, &major_low, &minor);
if (major_high > 1 ||
(major_high == 1 && (major_low > 3 ||
(major_low == 3 && minor >= 2))))
has_create_token = 1;
}
}
if (has_create_token < 1 &&
!pwd_authenticated && geteuid() != uid)
return 0;
}
return 1; return 1;
} }
@ -82,12 +108,9 @@ int check_ntsec(const char *filename)
return 0; return 0;
/* Evaluate current CYGWIN settings. */ /* Evaluate current CYGWIN settings. */
if ((cygwin = getenv("CYGWIN")) != NULL) { cygwin = getenv("CYGWIN");
if (strstr(cygwin, "ntea") && !strstr(cygwin, "nontea")) allow_ntea = ntea_on(cygwin);
allow_ntea = 1; allow_ntsec = ntsec_on(cygwin);
if (strstr(cygwin, "ntsec") && !strstr(cygwin, "nontsec"))
allow_ntsec = 1;
}
/* /*
* `ntea' is an emulation of POSIX attributes. It doesn't support * `ntea' is an emulation of POSIX attributes. It doesn't support