- (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>

author: Damien Miller <djm@mindrot.org> 2000-09-05 16:13:06 +1100
committer: Damien Miller <djm@mindrot.org> 2000-09-05 16:13:06 +1100
commit: bac2d8aa5e642a70045e713853b13d020b9c5d57 (patch)
tree: 98ddc81efce2273b3dfaff03b51242c988d30abf /auth1.c
parent: 676092fad0b6edca8f1fe731d7c3a000465a9bef (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/auth1.c b/auth1.c
index b043e8a95..3720a7d28 100644
--- a/auth1.c
+++ b/auth1.c
@@ -23,6 +23,11 @@ RCSID("$OpenBSD: auth1.c,v 1.3 2000/08/20 18:42:40 millert Exp $");
 # include <siad.h>
 #endif
+#ifdef HAVE_CYGWIN
+#include <windows.h>
+#define is_winnt       (GetVersion() < 0x80000000)
+#endif
 /* import */
 extern ServerOptions options;
 extern char *forced_command;
@@ -371,6 +376,23 @@ do_authloop(struct passwd * pw)
                        break;
                }
+#ifdef HAVE_CYGWIN
+                /*
+                 * The only authentication which is able to change the user
+                 * context on NT systems is the password authentication. So
+                 * we deny all requsts for changing the user context if another
+                 * authentication method is used.
+                 * This may change in future when a special openssh
+                 * subauthentication package is available.
+                 */
+                if (is_winnt && type != SSH_CMSG_AUTH_PASSWORD &&
+                    authenticated && geteuid() != pw->pw_uid) {
+                        packet_disconnect("Authentication rejected for uid %d.",
+                                          (int) pw->pw_uid);
+                        authenticated = 0;
+                }
+#endif
                /*
                 * Check if the user is logging in as root and root logins
                 * are disallowed.
@@ -491,12 +513,15 @@ do_authentication()
        start_pam(pw);
 #endif
+#ifndef HAVE_CYGWIN
        /*
         * If we are not running as root, the user must have the same uid as
         * the server.
+         * Rule not valid on Windows systems.
         */
        if (getuid() != 0 && pw->pw_uid != getuid())
                packet_disconnect("Cannot change user when server not running as root.");
+#endif
        debug("Attempting authentication for %.100s.", pw->pw_name);
author	Damien Miller <djm@mindrot.org>	2000-09-05 16:13:06 +1100
committer	Damien Miller <djm@mindrot.org>	2000-09-05 16:13:06 +1100
commit	bac2d8aa5e642a70045e713853b13d020b9c5d57 (patch)
tree	98ddc81efce2273b3dfaff03b51242c988d30abf /auth1.c
parent	676092fad0b6edca8f1fe731d7c3a000465a9bef (diff)

diff --git a/auth1.c b/auth1.c index b043e8a95..3720a7d28 100644 --- a/auth1.c +++ b/auth1.c
@@ -23,6 +23,11 @@ RCSID("$OpenBSD: auth1.c,v 1.3 2000/08/20 18:42:40 millert Exp $");
23	# include <siad.h>	23	# include <siad.h>
24	#endif	24	#endif
25		25
		26	#ifdef HAVE_CYGWIN
		27	#include <windows.h>
		28	#define is_winnt (GetVersion() < 0x80000000)
		29	#endif
		30
26	/* import */	31	/* import */
27	extern ServerOptions options;	32	extern ServerOptions options;
28	extern char *forced_command;	33	extern char *forced_command;
@@ -371,6 +376,23 @@ do_authloop(struct passwd * pw)
371	break;	376	break;
372	}	377	}
373		378
		379	#ifdef HAVE_CYGWIN
		380	/*
		381	* The only authentication which is able to change the user
		382	* context on NT systems is the password authentication. So
		383	* we deny all requsts for changing the user context if another
		384	* authentication method is used.
		385	* This may change in future when a special openssh
		386	* subauthentication package is available.
		387	*/
		388	if (is_winnt && type != SSH_CMSG_AUTH_PASSWORD &&
		389	authenticated && geteuid() != pw->pw_uid) {
		390	packet_disconnect("Authentication rejected for uid %d.",
		391	(int) pw->pw_uid);
		392	authenticated = 0;
		393	}
		394	#endif
		395
374	/*	396	/*
375	* Check if the user is logging in as root and root logins	397	* Check if the user is logging in as root and root logins
376	* are disallowed.	398	* are disallowed.
@@ -491,12 +513,15 @@ do_authentication()
491	start_pam(pw);	513	start_pam(pw);
492	#endif	514	#endif
493		515
		516	#ifndef HAVE_CYGWIN
494	/*	517	/*
495	* If we are not running as root, the user must have the same uid as	518	* If we are not running as root, the user must have the same uid as
496	* the server.	519	* the server.
		520	* Rule not valid on Windows systems.
497	*/	521	*/
498	if (getuid() != 0 && pw->pw_uid != getuid())	522	if (getuid() != 0 && pw->pw_uid != getuid())
499	packet_disconnect("Cannot change user when server not running as root.");	523	packet_disconnect("Cannot change user when server not running as root.");
		524	#endif
500		525
501	debug("Attempting authentication for %.100s.", pw->pw_name);	526	debug("Attempting authentication for %.100s.", pw->pw_name);
502		527