diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | openbsd-compat/bsd-cygwin_util.c | 12 |
2 files changed, 14 insertions, 3 deletions
@@ -1,6 +1,9 @@ | |||
1 | 20040418 | 1 | 20040418 |
2 | - (dtucker) [auth-pam.c] Log username and source host for failed PAM | 2 | - (dtucker) [auth-pam.c] Log username and source host for failed PAM |
3 | authentication attempts. With & ok djm@ | 3 | authentication attempts. With & ok djm@ |
4 | - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow | ||
5 | change of user context without a password, so relax auth method | ||
6 | restrictions; from vinschen AT redhat.com; ok dtucker@ | ||
4 | 7 | ||
5 | 20040416 | 8 | 20040416 |
6 | - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since | 9 | - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since |
@@ -979,4 +982,4 @@ | |||
979 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 982 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
980 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 983 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
981 | 984 | ||
982 | $Id: ChangeLog,v 1.3315 2004/04/18 01:00:26 dtucker Exp $ | 985 | $Id: ChangeLog,v 1.3316 2004/04/18 11:15:43 djm Exp $ |
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index a87cf3c97..92cdba6e0 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c | |||
@@ -29,7 +29,7 @@ | |||
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | 31 | ||
32 | RCSID("$Id: bsd-cygwin_util.c,v 1.11 2003/08/07 06:23:43 dtucker Exp $"); | 32 | RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); |
33 | 33 | ||
34 | #ifdef HAVE_CYGWIN | 34 | #ifdef HAVE_CYGWIN |
35 | 35 | ||
@@ -77,6 +77,7 @@ binary_pipe(int fd[2]) | |||
77 | 77 | ||
78 | #define HAS_CREATE_TOKEN 1 | 78 | #define HAS_CREATE_TOKEN 1 |
79 | #define HAS_NTSEC_BY_DEFAULT 2 | 79 | #define HAS_NTSEC_BY_DEFAULT 2 |
80 | #define HAS_CREATE_TOKEN_WO_NTSEC 3 | ||
80 | 81 | ||
81 | static int | 82 | static int |
82 | has_capability(int what) | 83 | has_capability(int what) |
@@ -84,6 +85,7 @@ has_capability(int what) | |||
84 | static int inited; | 85 | static int inited; |
85 | static int has_create_token; | 86 | static int has_create_token; |
86 | static int has_ntsec_by_default; | 87 | static int has_ntsec_by_default; |
88 | static int has_create_token_wo_ntsec; | ||
87 | 89 | ||
88 | /* | 90 | /* |
89 | * has_capability() basically calls uname() and checks if | 91 | * has_capability() basically calls uname() and checks if |
@@ -113,6 +115,9 @@ has_capability(int what) | |||
113 | has_create_token = 1; | 115 | has_create_token = 1; |
114 | if (api_major_version > 0 || api_minor_version >= 56) | 116 | if (api_major_version > 0 || api_minor_version >= 56) |
115 | has_ntsec_by_default = 1; | 117 | has_ntsec_by_default = 1; |
118 | if (major_high > 1 || | ||
119 | (major_high == 1 && major_low >= 5)) | ||
120 | has_create_token_wo_ntsec = 1; | ||
116 | inited = 1; | 121 | inited = 1; |
117 | } | 122 | } |
118 | } | 123 | } |
@@ -121,6 +126,8 @@ has_capability(int what) | |||
121 | return (has_create_token); | 126 | return (has_create_token); |
122 | case HAS_NTSEC_BY_DEFAULT: | 127 | case HAS_NTSEC_BY_DEFAULT: |
123 | return (has_ntsec_by_default); | 128 | return (has_ntsec_by_default); |
129 | case HAS_CREATE_TOKEN_WO_NTSEC: | ||
130 | return (has_create_token_wo_ntsec); | ||
124 | } | 131 | } |
125 | return (0); | 132 | return (0); |
126 | } | 133 | } |
@@ -151,7 +158,8 @@ check_nt_auth(int pwd_authenticated, struct passwd *pw) | |||
151 | if (has_capability(HAS_CREATE_TOKEN) && | 158 | if (has_capability(HAS_CREATE_TOKEN) && |
152 | (ntsec_on(cygwin) || | 159 | (ntsec_on(cygwin) || |
153 | (has_capability(HAS_NTSEC_BY_DEFAULT) && | 160 | (has_capability(HAS_NTSEC_BY_DEFAULT) && |
154 | !ntsec_off(cygwin)))) | 161 | !ntsec_off(cygwin)) || |
162 | has_capability(HAS_CREATE_TOKEN_WO_NTSEC))) | ||
155 | has_create_token = 1; | 163 | has_create_token = 1; |
156 | } | 164 | } |
157 | if (has_create_token < 1 && | 165 | if (has_create_token < 1 && |