diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | auth1.c | 4 | ||||
-rw-r--r-- | auth2.c | 8 | ||||
-rw-r--r-- | openbsd-compat/bsd-cygwin_util.c | 8 | ||||
-rw-r--r-- | openbsd-compat/bsd-cygwin_util.h | 4 |
5 files changed, 18 insertions, 12 deletions
@@ -1,3 +1,7 @@ | |||
1 | 20011229 | ||
2 | - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen | ||
3 | <vinschen@redhat.com> Could be abused to guess valid usernames | ||
4 | |||
1 | 20011228 | 5 | 20011228 |
2 | - (djm) Remove recommendation to use GNU make, we should support most | 6 | - (djm) Remove recommendation to use GNU make, we should support most |
3 | make programs. | 7 | make programs. |
@@ -7108,4 +7112,4 @@ | |||
7108 | - Wrote replacements for strlcpy and mkdtemp | 7112 | - Wrote replacements for strlcpy and mkdtemp |
7109 | - Released 1.0pre1 | 7113 | - Released 1.0pre1 |
7110 | 7114 | ||
7111 | $Id: ChangeLog,v 1.1709 2001/12/27 22:57:33 djm Exp $ | 7115 | $Id: ChangeLog,v 1.1710 2001/12/29 03:08:28 djm Exp $ |
@@ -313,9 +313,9 @@ do_authloop(Authctxt *authctxt) | |||
313 | 313 | ||
314 | #ifdef HAVE_CYGWIN | 314 | #ifdef HAVE_CYGWIN |
315 | if (authenticated && | 315 | if (authenticated && |
316 | !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { | 316 | !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { |
317 | packet_disconnect("Authentication rejected for uid %d.", | 317 | packet_disconnect("Authentication rejected for uid %d.", |
318 | (int)pw->pw_uid); | 318 | pw == NULL ? -1 : pw->pw_uid); |
319 | authenticated = 0; | 319 | authenticated = 0; |
320 | } | 320 | } |
321 | #else | 321 | #else |
@@ -335,7 +335,7 @@ userauth_none(Authctxt *authctxt) | |||
335 | return(0); | 335 | return(0); |
336 | 336 | ||
337 | #ifdef HAVE_CYGWIN | 337 | #ifdef HAVE_CYGWIN |
338 | if (check_nt_auth(1, authctxt->pw->pw_uid) == 0) | 338 | if (check_nt_auth(1, authctxt->pw) == 0) |
339 | return(0); | 339 | return(0); |
340 | #endif | 340 | #endif |
341 | #ifdef USE_PAM | 341 | #ifdef USE_PAM |
@@ -361,7 +361,7 @@ userauth_passwd(Authctxt *authctxt) | |||
361 | packet_done(); | 361 | packet_done(); |
362 | if (authctxt->valid && | 362 | if (authctxt->valid && |
363 | #ifdef HAVE_CYGWIN | 363 | #ifdef HAVE_CYGWIN |
364 | check_nt_auth(1, authctxt->pw->pw_uid) && | 364 | check_nt_auth(1, authctxt->pw) && |
365 | #endif | 365 | #endif |
366 | #ifdef USE_PAM | 366 | #ifdef USE_PAM |
367 | auth_pam_password(authctxt->pw, password) == 1) | 367 | auth_pam_password(authctxt->pw, password) == 1) |
@@ -398,7 +398,7 @@ userauth_kbdint(Authctxt *authctxt) | |||
398 | xfree(devs); | 398 | xfree(devs); |
399 | xfree(lang); | 399 | xfree(lang); |
400 | #ifdef HAVE_CYGWIN | 400 | #ifdef HAVE_CYGWIN |
401 | if (check_nt_auth(0, authctxt->pw->pw_uid) == 0) | 401 | if (check_nt_auth(0, authctxt->pw) == 0) |
402 | return(0); | 402 | return(0); |
403 | #endif | 403 | #endif |
404 | return authenticated; | 404 | return authenticated; |
@@ -504,7 +504,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
504 | xfree(pkalg); | 504 | xfree(pkalg); |
505 | xfree(pkblob); | 505 | xfree(pkblob); |
506 | #ifdef HAVE_CYGWIN | 506 | #ifdef HAVE_CYGWIN |
507 | if (check_nt_auth(0, authctxt->pw->pw_uid) == 0) | 507 | if (check_nt_auth(0, authctxt->pw) == 0) |
508 | return(0); | 508 | return(0); |
509 | #endif | 509 | #endif |
510 | return authenticated; | 510 | return authenticated; |
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 6d6aafa4f..b12725773 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c | |||
@@ -15,7 +15,7 @@ | |||
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | 17 | ||
18 | RCSID("$Id: bsd-cygwin_util.c,v 1.6 2001/11/27 01:19:44 tim Exp $"); | 18 | RCSID("$Id: bsd-cygwin_util.c,v 1.7 2001/12/29 03:08:30 djm Exp $"); |
19 | 19 | ||
20 | #ifdef HAVE_CYGWIN | 20 | #ifdef HAVE_CYGWIN |
21 | 21 | ||
@@ -58,7 +58,7 @@ int binary_pipe(int fd[2]) | |||
58 | return ret; | 58 | return ret; |
59 | } | 59 | } |
60 | 60 | ||
61 | int check_nt_auth(int pwd_authenticated, uid_t uid) | 61 | int check_nt_auth(int pwd_authenticated, struct passwd *pw) |
62 | { | 62 | { |
63 | /* | 63 | /* |
64 | * The only authentication which is able to change the user | 64 | * The only authentication which is able to change the user |
@@ -73,6 +73,8 @@ int check_nt_auth(int pwd_authenticated, uid_t uid) | |||
73 | */ | 73 | */ |
74 | static int has_create_token = -1; | 74 | static int has_create_token = -1; |
75 | 75 | ||
76 | if (pw == NULL) | ||
77 | return 0; | ||
76 | if (is_winnt) { | 78 | if (is_winnt) { |
77 | if (has_create_token < 0) { | 79 | if (has_create_token < 0) { |
78 | struct utsname uts; | 80 | struct utsname uts; |
@@ -90,7 +92,7 @@ int check_nt_auth(int pwd_authenticated, uid_t uid) | |||
90 | } | 92 | } |
91 | } | 93 | } |
92 | if (has_create_token < 1 && | 94 | if (has_create_token < 1 && |
93 | !pwd_authenticated && geteuid() != uid) | 95 | !pwd_authenticated && geteuid() != pw->pw_uid) |
94 | return 0; | 96 | return 0; |
95 | } | 97 | } |
96 | return 1; | 98 | return 1; |
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 24063d311..c3d90518f 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h | |||
@@ -13,7 +13,7 @@ | |||
13 | * binary mode on Windows systems. | 13 | * binary mode on Windows systems. |
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* $Id: bsd-cygwin_util.h,v 1.5 2001/11/27 01:19:44 tim Exp $ */ | 16 | /* $Id: bsd-cygwin_util.h,v 1.6 2001/12/29 03:08:30 djm Exp $ */ |
17 | 17 | ||
18 | #ifndef _BSD_CYGWIN_UTIL_H | 18 | #ifndef _BSD_CYGWIN_UTIL_H |
19 | #define _BSD_CYGWIN_UTIL_H | 19 | #define _BSD_CYGWIN_UTIL_H |
@@ -24,7 +24,7 @@ | |||
24 | 24 | ||
25 | int binary_open(const char *filename, int flags, ...); | 25 | int binary_open(const char *filename, int flags, ...); |
26 | int binary_pipe(int fd[2]); | 26 | int binary_pipe(int fd[2]); |
27 | int check_nt_auth(int pwd_authenticated, uid_t uid); | 27 | int check_nt_auth(int pwd_authenticated, struct passwd *pw); |
28 | int check_ntsec(const char *filename); | 28 | int check_ntsec(const char *filename); |
29 | void register_9x_service(void); | 29 | void register_9x_service(void); |
30 | 30 | ||