-rw-r--r--CREDITS1
-rw-r--r--ChangeLog2
-rw-r--r--Makefile.in37
-rw-r--r--acconfig.h6
-rw-r--r--auth-passwd.c27
-rw-r--r--auth1.c25
-rw-r--r--authfile.c8
-rw-r--r--bsd-daemon.c7
-rw-r--r--bsd-mktemp.c5
-rw-r--r--channels.c2
-rw-r--r--configure.in14
-rw-r--r--cygwin_util.c35
-rw-r--r--defines.h4
-rw-r--r--includes.h12
-rw-r--r--loginrec.c4
-rw-r--r--pty.c16
-rw-r--r--readconf.c2
-rw-r--r--scp.c9
-rw-r--r--session.c49
-rw-r--r--ssh.c16
-rw-r--r--sshconnect.c4
-rw-r--r--sshd.c2
22 files changed, 259 insertions, 28 deletions
diff --git a/CREDITS b/CREDITS
index 148a38a49..b2ea280dc 100644
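--- a/CREDITS
+++ b/CREDITS
@@ -21,6 +21,7 @@ Chris Saia <csaia@wtower.com> - SuSE packaging
 Chris, the Young One <cky@pobox.com> - Password auth fixes
 Christos Zoulas <christos@zoulas.com> - Autoconf fixes
 Chun-Chung Chen <cjj@u.washington.edu> - RPM fixes
+Corinna Vinschen <vinschen@cygnus.com> - Cygwin support
 Dan Brosemer <odin@linuxfreak.com> - Autoconf support, build fixes
 Darren Hall <dhall@virage.org> - AIX patches
 David Agraz <dagraz@jahoopa.com> - Build fixes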
diff --git a/ChangeLog b/ChangeLog
index 9aa9423c8..6b112b6c7 100644
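--- a/ChangeLog
+++ b/ChangeLog
@@ -38,6 +38,8 @@
  [session.c]
  set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
  - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
+ - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
+
 20000903
  - (djm) Fix Redhat init script
 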
diff --git a/Makefile.in b/Makefile.in
index 7eb84ce63..f8a0ee291 100644
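--- a/Makefile.in
+++ b/Makefile.in
@@ -29,12 +29,13 @@ INSTALL=@INSTALL@
 PERL=@PERL@
 ENT=@ENT@
 LDFLAGS=-L. @LDFLAGS@
+EXEEXT=@EXEEXT@
 
 INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
 
-TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server $(EXTRA_TARGETS)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) $(EXTRA_TARGETS)
 
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o dsa.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o
 
 LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strsep.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
 
@@ -68,25 +69,25 @@ libssh.a: $(LIBSSH_OBJS)
  $(AR) rv $@ $(LIBSSH_OBJS)
  $(RANLIB) $@
 
-ssh: libopenbsd-compat.a libssh.a $(SSHOBJS)
+ssh$(EXEEXT): libopenbsd-compat.a libssh.a $(SSHOBJS)
  $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-sshd: libssh.a libopenbsd-compat.a $(SSHDOBJS)
+sshd$(EXEEXT): libssh.a libopenbsd-compat.a $(SSHDOBJS)
  $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-scp: libopenbsd-compat.a libssh.a scp.o
+scp$(EXEEXT): libopenbsd-compat.a libssh.a scp.o
  $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-ssh-add: libopenbsd-compat.a libssh.a ssh-add.o log-client.o
+ssh-add$(EXEEXT): libopenbsd-compat.a libssh.a ssh-add.o log-client.o
  $(LD) -o $@ ssh-add.o log-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-ssh-agent: libopenbsd-compat.a libssh.a ssh-agent.o log-client.o
+ssh-agent$(EXEEXT): libopenbsd-compat.a libssh.a ssh-agent.o log-client.o
  $(LD) -o $@ ssh-agent.o log-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-ssh-keygen: libopenbsd-compat.a libssh.a ssh-keygen.o log-client.o
+ssh-keygen$(EXEEXT): libopenbsd-compat.a libssh.a ssh-keygen.o log-client.o
  $(LD) -o $@ ssh-keygen.o log-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-sftp-server: libopenbsd-compat.a libssh.a sftp-server.o log-server.o
+sftp-server$(EXEEXT): libopenbsd-compat.a libssh.a sftp-server.o log-server.o
  $(LD) -o $@ sftp-server.o log-server.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 # test driver for the loginrec code - not built by default
@@ -142,7 +143,7 @@ install-files:
  $(INSTALL) -m 644 sshd.[08].out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
  $(INSTALL) -m 644 sftp-server.[08].out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
  -rm -f $(DESTDIR)$(bindir)/slogin
- ln -s ssh $(DESTDIR)$(bindir)/slogin
+ ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
  -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
  ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
  if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config -a ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \
@@ -155,7 +156,7 @@ install-files:
  $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
  fi
 
-host-key: ssh-keygen
+host-key: ssh-keygen$(EXEEXT)
  if [ -z "$(DESTDIR)" ] ; then \
  if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \
  echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \
@@ -169,7 +170,7 @@ host-key: ssh-keygen
  fi ; \
  fi ;
 
-host-key-force: ssh-keygen
+host-key-force: ssh-keygen$(EXEEXT)
  ./ssh-keygen -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
  ./ssh-keygen -d -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
 
@@ -186,12 +187,12 @@ uninstallall: uninstall
  -rmdir $(DESTDIR)$(libexecdir)
 
 uninstall:
- -rm -f $(DESTDIR)$(bindir)/ssh
- -rm -f $(DESTDIR)$(bindir)/scp
- -rm -f $(DESTDIR)$(bindir)/ssh-add
- -rm -f $(DESTDIR)$(bindir)/ssh-agent
- -rm -f $(DESTDIR)$(bindir)/ssh-keygen
- -rm -f $(DESTDIR)$(sbindir)/sshd
+ -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
+ -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
  -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
  -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
  -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1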
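Review bot: The `host-key-force` recipe still invokes `./ssh-keygen` even though its prerequisite was renamed to `ssh-keygen$(EXEEXT)`, so the recipe relies on the platform resolving the suffix by itself; `./ssh-keygen$(EXEEXT) -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""` (and the same on the `-d` line) keeps the command tied to the file the rule builds. The `host-key` recipe is only partly visible here and may need the same change. The `uninstall` hunk now removes suffixed names, so it is worth confirming that `install-files`, whose install lines are outside these hunks, installs the binaries under the same `$(EXEEXT)` names.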
diff --git a/acconfig.h b/acconfig.h
index c16ec2bf6..d855d887a 100644
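--- a/acconfig.h
+++ b/acconfig.h
@@ -43,6 +43,9 @@
 /* Define if your snprintf is busted */
 #undef BROKEN_SNPRINTF
 
+/* Define if you are on Cygwin */
+#undef HAVE_CYGWIN
+
 /* Define if you are on NeXT */
 #undef HAVE_NEXT
 
@@ -243,6 +246,9 @@
 /* getaddrinfo is broken (if present) */
 #undef BROKEN_GETADDRINFO
 
+/* vhangup is broken (if present) */
+#undef BROKEN_VHANGUP
+
 /* Workaround more Linux IPv6 quirks */
 #undef DONT_TRY_OTHER_AF
 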
diff --git a/auth-passwd.c b/auth-passwd.c
index 93756e9e6..850e25834 100644
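--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -37,6 +37,13 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $");
 # include "md5crypt.h"
 #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
 
+#ifdef HAVE_CYGWIN
+#undef ERROR
+#include <windows.h>
+#include <sys/cygwin.h>
+#define is_winnt (GetVersion() < 0x80000000)
+#endif
+
 /*
  * Tries to authenticate the user using password. Returns true if
  * authentication succeeds.
@@ -63,11 +70,31 @@ auth_password(struct passwd * pw, const char *password)
  /* deny if no user. */
  if (pw == NULL)
  return 0;
+#ifndef HAVE_CYGWIN
  if (pw->pw_uid == 0 && options.permit_root_login == 2)
  return 0;
+#endif
+#ifdef HAVE_CYGWIN
+ /*
+ * Empty password is only possible on NT if the user has _really_
+ * an empty password and authentication is done, though.
+ */
+ if (!is_winnt)
+#endif
  if (*password == '\0' && options.permit_empty_passwd == 0)
  return 0;
 
+#ifdef HAVE_CYGWIN
+ if (is_winnt) {
+ HANDLE hToken = cygwin_logon_user(pw, password);
+
+ if (hToken == INVALID_HANDLE_VALUE)
+ return 0;
+ cygwin_set_impersonation_token(hToken);
+ return 1;
+ }
+#endif
+
 #ifdef SKEY
  if (options.skey_authentication == 1) {
  int ret = auth_skey_password(pw, password);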
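Review bot: PermitEmptyPasswords stops being enforced on NT in the auth_password hunk: the added `if (!is_winnt)` guards the `*password == '\0' && options.permit_empty_passwd == 0` rejection, so an account whose Windows password really is empty is accepted through `cygwin_logon_user()` even when the server configuration forbids empty passwords. Dropping the `#ifdef HAVE_CYGWIN … if (!is_winnt) … #endif` wrapper keeps the configured policy in force on every platform. The `pw->pw_uid == 0 && options.permit_root_login == 2` test is also compiled out for Cygwin with no visible equivalent for administrator accounts, which deserves a comment such as `/* XXX Cygwin: PermitRootLogin is not applied here; no uid-0 equivalent is checked */`. The brace-less `if (!is_winnt)` left dangling across `#endif` is easy to misread, so braces around the guarded statement would help. auth_password's body continues outside the hunk.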
diff --git a/auth1.c b/auth1.c
index b043e8a95..3720a7d28 100644
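--- a/auth1.c
+++ b/auth1.c
@@ -23,6 +23,11 @@ RCSID("$OpenBSD: auth1.c,v 1.3 2000/08/20 18:42:40 millert Exp $");
 # include <siad.h>
 #endif
 
+#ifdef HAVE_CYGWIN
+#include <windows.h>
+#define is_winnt (GetVersion() < 0x80000000)
+#endif
+
 /* import */
 extern ServerOptions options;
 extern char *forced_command;
@@ -371,6 +376,23 @@ do_authloop(struct passwd * pw)
  break;
  }
 
+#ifdef HAVE_CYGWIN
+ /*
+ * The only authentication which is able to change the user
+ * context on NT systems is the password authentication. So
+ * we deny all requsts for changing the user context if another
+ * authentication method is used.
+ * This may change in future when a special openssh
+ * subauthentication package is available.
+ */
+ if (is_winnt && type != SSH_CMSG_AUTH_PASSWORD &&
+ authenticated && geteuid() != pw->pw_uid) {
+ packet_disconnect("Authentication rejected for uid %d.",
+ (int) pw->pw_uid);
+ authenticated = 0;
+ }
+#endif
+
  /*
  * Check if the user is logging in as root and root logins
  * are disallowed.
@@ -491,12 +513,15 @@ do_authentication()
  start_pam(pw);
 #endif
 
+#ifndef HAVE_CYGWIN
  /*
  * If we are not running as root, the user must have the same uid as
  * the server.
+ * Rule not valid on Windows systems.
  */
  if (getuid() != 0 && pw->pw_uid != getuid())
  packet_disconnect("Cannot change user when server not running as root.");
+#endif
 
  debug("Attempting authentication for %.100s.", pw->pw_name);
 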
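Review bot: In the do_authloop hunk the assignment `authenticated = 0;` after `packet_disconnect(...)` looks unreachable, because packet_disconnect is used as a terminal call elsewhere in this commit (channels.c falls straight through to forwarding after it). As written, a client whose non-password method succeeds for another uid is dropped rather than allowed to continue to password authentication; if fallback is wanted, log the rejection and clear `authenticated` without disconnecting, otherwise remove the dead assignment. In do_authentication the `pw->pw_uid != getuid()` test is removed for every Cygwin build, including non-NT systems for which these hunks show no impersonation step, so the comment should say what prevents cross-user logins there. The new comment also has a typo, `requsts`. Both function bodies start and end outside the hunks.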
diff --git a/authfile.c b/authfile.c
index 71c4a5d84..4368cb941 100644
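--- a/authfile.c
+++ b/authfile.c
@@ -457,7 +457,12 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
  if (fd < 0)
  return 0;
 
- /* check owner and modes */
+#ifndef HAVE_CYGWIN
+ /*
+ * check owner and modes.
+ * This won't work on Windows under all circumstances so we drop
+ * that check for now.
+ */
  if (fstat(fd, &st) < 0 ||
  (st.st_uid != 0 && st.st_uid != getuid()) ||
  (st.st_mode & 077) != 0) {
@@ -470,6 +475,7 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
  error("It is recommended that your private key files are NOT accessible by others.");
  return 0;
  }
+#endif
  switch (key->type) {
  case KEY_RSA:
  if (key->rsa->e != NULL) {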
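Review bot: With the owner and mode test in load_private_key compiled out under HAVE_CYGWIN, a private key file that other accounts can read is loaded without any diagnostic. The comment says the check does not work under all circumstances, which suggests it works under some; keeping the `fstat()` test on Cygwin and reporting a failure as a warning instead of returning 0 would still alert users to exposed keys. At minimum the comment should state the consequence, for example `/* XXX Cygwin: key file ownership and permissions are NOT verified; restrict access to the file by other means */`. load_private_key's body starts and ends outside these hunks.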
diff --git a/bsd-daemon.c b/bsd-daemon.c
index de829958c..f704a9048 100644
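--- a/bsd-daemon.c
+++ b/bsd-daemon.c
@@ -51,6 +51,13 @@ daemon(nochdir, noclose)
  case 0:
  break;
  default:
+#ifdef HAVE_CYGWIN
+ /*
+ * This sleep avoids a race condition which kills the
+ * child process if parent is started by a NT/W2K service.
+ */
+ sleep(1);
+#endif
  _exit(0);
  }
 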
diff --git a/bsd-mktemp.c b/bsd-mktemp.c
index e8ffd0219..9ed1bc80f 100644
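--- a/bsd-mktemp.c
+++ b/bsd-mktemp.c
@@ -42,6 +42,11 @@
 static char rcsid[] = "$OpenBSD: mktemp.c,v 1.13 1998/06/30 23:03:13 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#ifdef HAVE_CYGWIN
+#define open binary_open
+extern int binary_open();
+#endif
+
 static int _gettemp(char *, int *, int, int);
 
 int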
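Review bot: `extern int binary_open();` is an old-style declaration without a prototype, so calls redirected by `#define open binary_open` are not type-checked; includes.h repeats the pattern for `binary_open` and `binary_pipe`. cygwin_util.c defines `binary_open(const char *filename, int flags, mode_t mode)` with three fixed parameters, while pty.c calls `open(ttyname, O_RDWR)` with two, a mismatch the missing prototype hides. Declaring both wrappers once, with full prototypes, in a header shared with cygwin_util.c, and making the mode argument of `binary_open` optional the way `open` treats it, would let the compiler check these calls.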
diff --git a/channels.c b/channels.c
index c77f6b96a..4ac48a77a 100644
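--- a/channels.c
+++ b/channels.c
@@ -1567,6 +1567,7 @@ channel_input_port_forward_request(int is_root, int gateway_ports)
  hostname = packet_get_string(NULL);
  host_port = packet_get_int();
 
+#ifndef HAVE_CYGWIN
  /*
  * Check that an unprivileged user is not trying to forward a
  * privileged port.
@@ -1574,6 +1575,7 @@ channel_input_port_forward_request(int is_root, int gateway_ports)
  if (port < IPPORT_RESERVED && !is_root)
  packet_disconnect("Requested forwarding of port %d but user is not root.",
  port);
+#endif
  /*
  * Initiate forwarding,
  */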
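Review bot: The `#ifndef HAVE_CYGWIN` pair removes the only privileged-port test in channel_input_port_forward_request, so on Cygwin any authenticated user can have the server listen on a port below IPPORT_RESERVED, and nothing in the hunk says why. readconf.c's add_local_forward loses the matching client-side test in the same way. If this is deliberate, a comment at the `#ifndef` should record the reason, presumably something like `/* Cygwin: there is no root uid to test against, so the reserved-port restriction is not applied */`; if the restriction is still wanted, it needs a Cygwin-specific privilege test rather than removal. The function body starts and ends outside these hunks.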
diff --git a/configure.in b/configure.in
index b1dd1d067..9fb78f1ff 100644
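--- a/configure.in
+++ b/configure.in
@@ -54,6 +54,18 @@ case "$host" in
  MANTYPE='$(CATMAN)'
  mansubdir=cat
  ;;
+*-*-cygwin*)
+ LIBS="$LIBS /usr/lib/textmode.o"
+ AC_DEFINE(HAVE_CYGWIN)
+ AC_DEFINE(DISABLE_PAM)
+ AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(IPV4_DEFAULT)
+ AC_DEFINE(IP_TOS_IS_BROKEN)
+ AC_DEFINE(BROKEN_VHANGUP)
+ no_pam=1
+ no_libsocket=1
+ no_libnsl=1
+ ;;
 *-*-hpux10*)
  if test -z "$GCC"; then
  CFLAGS="$CFLAGS -Ae"
@@ -1400,6 +1412,8 @@ if test ! -z "$blibpath" ; then
  AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile])
 fi
 
+AC_EXEEXT
+
 AC_OUTPUT(Makefile ssh_prng_cmds)
 
 # Print summary of options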
diff --git a/cygwin_util.c b/cygwin_util.c
new file mode 100644
index 000000000..13bd66347
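--- /dev/null
+++ b/cygwin_util.c
@@ -0,0 +1,35 @@
+/*
+ *
+ * cygwin_util.c
+ *
+ * Author: Corinna Vinschen <vinschen@cygnus.com>
+ *
+ * Copyright (c) 2000 Corinna Vinschen <vinschen@cygnus.com>, Duisburg, Germany
+ * All rights reserved
+ *
+ * Created: Sat Sep 02 12:17:00 2000 cv
+ *
+ * This file contains functions for forcing opened file descriptors to
+ * binary mode on Windows systems.
+ */
+
+#include "config.h"
+
+#ifdef HAVE_CYGWIN
+#include <fcntl.h>
+#include <io.h>
+
+int binary_open(const char *filename, int flags, mode_t mode)
+{
+ return open(filename, flags | O_BINARY, mode);
+}
+
+int binary_pipe(int fd[2])
+{
+ int ret = pipe(fd);
+ if (!ret) {
+ setmode (fd[0], O_BINARY);
+ setmode (fd[1], O_BINARY);
+ }
+}
+#endif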
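Review bot: `binary_pipe` has no return statement, so callers that test the result of `pipe()` through the `#define pipe binary_pipe` in includes.h read an indeterminate value and can miss a failed pipe creation or report a spurious failure. Add `return ret;` after the `if (!ret) { … }` block. The results of the two `setmode()` calls are ignored as well; a short comment saying that this is intentional would help.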
diff --git a/defines.h b/defines.h
index 6bbb5166b..69b8baf27 100644
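--- a/defines.h
+++ b/defines.h
@@ -322,6 +322,10 @@ typedef int mode_t;
 # define atexit(a) on_exit(a)
 #endif /* !defined(HAVE_ATEXIT) && defined(HAVE_ON_EXIT) */
 
+#if defined(HAVE_VHANGUP) && !defined(BROKEN_VHANGUP)
+# define USE_VHANGUP
+#endif /* defined(HAVE_VHANGUP) && !defined(BROKEN_VHANGUP) */
+
 /**
  ** login recorder definitions
  **/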
diff --git a/includes.h b/includes.h
index 5102c97ad..27569e18f 100644
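--- a/includes.h
+++ b/includes.h
@@ -29,7 +29,9 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #include <sys/wait.h>
 #include <sys/resource.h>
 
+#ifndef HAVE_CYGWIN
 #include <netinet/tcp.h>
+#endif
 #include <arpa/inet.h>
 #include <netdb.h>
 
@@ -46,6 +48,9 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #include <grp.h>
 #include <time.h>
 #include <dirent.h>
+#ifdef HAVE_CYGWIN
+#include <getopt.h>
+#endif
 
 #ifdef HAVE_BSTRING_H
 # include <bstring.h>
@@ -110,4 +115,11 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
  */
 /* #define USE_PIPES 1 */
 
+#ifdef HAVE_CYGWIN
+#define open binary_open
+#define pipe binary_pipe
+extern int binary_open();
+extern int binary_pipe();
+#endif
+
 #endif /* INCLUDES_H */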
diff --git a/loginrec.c b/loginrec.c
index 61bceb180..0e1f344b9 100644
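--- a/loginrec.c
+++ b/loginrec.c
@@ -161,7 +161,7 @@
 #include "xmalloc.h"
 #include "loginrec.h"
 
-RCSID("$Id: loginrec.c,v 1.22 2000/08/29 03:30:37 djm Exp $");
+RCSID("$Id: loginrec.c,v 1.23 2000/09/05 05:13:07 djm Exp $");
 
 /**
  ** prototypes for helper functions in this file
@@ -401,10 +401,12 @@ login_set_addr(struct logininfo *li, const struct sockaddr *sa,
 int
 login_write (struct logininfo *li)
 {
+#ifndef HAVE_CYGWIN
  if ((int)geteuid() != 0) {
  log("Attempt to write login records by non-root user (aborting)");
  return 1;
  }
+#endif
 
  /* set the timestamp */
  login_set_current_time(li);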
diff --git a/pty.c b/pty.c
index f5bb86124..d610a4543 100644
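--- a/pty.c
+++ b/pty.c
@@ -118,6 +118,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
  close(*ptyfd);
  return 0;
  }
+#ifndef HAVE_CYGWIN
  /* Push the appropriate streams modules, as described in Solaris pts(7). */
  if (ioctl(*ttyfd, I_PUSH, "ptem") < 0)
  error("ioctl I_PUSH ptem: %.100s", strerror(errno));
@@ -127,6 +128,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
  if (ioctl(*ttyfd, I_PUSH, "ttcompat") < 0)
  error("ioctl I_PUSH ttcompat: %.100s", strerror(errno));
 #endif
+#endif
  return 1;
 #else /* HAVE_DEV_PTMX */
 #ifdef HAVE_DEV_PTS_AND_PTC
@@ -208,9 +210,9 @@ void
 pty_make_controlling_tty(int *ttyfd, const char *ttyname)
 {
  int fd;
-#ifdef HAVE_VHANGUP
+#ifdef USE_VHANGUP
  void *old;
-#endif /* HAVE_VHANGUP */
+#endif /* USE_VHANGUP */
 
  /* First disconnect from the old controlling tty. */
 #ifdef TIOCNOTTY
@@ -242,21 +244,21 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
  */
  ioctl(*ttyfd, TIOCSCTTY, NULL);
 #endif /* TIOCSCTTY */
-#ifdef HAVE_VHANGUP
+#ifdef USE_VHANGUP
  old = signal(SIGHUP, SIG_IGN);
  vhangup();
  signal(SIGHUP, old);
-#endif /* HAVE_VHANGUP */
+#endif /* USE_VHANGUP */
  fd = open(ttyname, O_RDWR);
  if (fd < 0) {
  error("%.100s: %.100s", ttyname, strerror(errno));
  } else {
-#ifdef HAVE_VHANGUP
+#ifdef USE_VHANGUP
  close(*ttyfd);
  *ttyfd = fd;
-#else /* HAVE_VHANGUP */
+#else /* USE_VHANGUP */
  close(fd);
-#endif /* HAVE_VHANGUP */
+#endif /* USE_VHANGUP */
  }
  /* Verify that we now have a controlling tty. */
  fd = open("/dev/tty", O_WRONLY);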
diff --git a/readconf.c b/readconf.c
index f31b1c4e6..c9e0f5944 100644
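--- a/readconf.c
+++ b/readconf.c
@@ -174,9 +174,11 @@ add_local_forward(Options *options, u_short port, const char *host,
  u_short host_port)
 {
  Forward *fwd;
+#ifndef HAVE_CYGWIN
  extern uid_t original_real_uid;
  if (port < IPPORT_RESERVED && original_real_uid != 0)
  fatal("Privileged ports can only be forwarded by root.\n");
+#endif
  if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
  fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
  fwd = &options->local_forwards[options->num_local_forwards++];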
diff --git a/scp.c b/scp.c
index 33bd0a5ff..23ecc41ca 100644
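--- a/scp.c
+++ b/scp.c
@@ -1117,8 +1117,17 @@ foregroundproc()
  if (pgrp == -1)
  pgrp = getpgrp();
 
+#ifdef HAVE_CYGWIN
+ /*
+ * Cygwin only supports tcgetpgrp() for getting the controlling tty
+ * currently.
+ */
+ return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 &&
+ ctty_pgrp == pgrp);
+#else
  return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 &&
  ctty_pgrp == pgrp));
+#endif
 }
 
 void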
diff --git a/session.c b/session.c
index d5faf4cf3..a537efdd4 100644
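--- a/session.c
+++ b/session.c
@@ -41,6 +41,12 @@ RCSID("$OpenBSD: session.c,v 1.35 2000/09/04 19:07:21 markus Exp $");
 # include <siad.h>
 #endif
 
+#ifdef HAVE_CYGWIN
+#include <windows.h>
+#include <sys/cygwin.h>
+#define is_winnt (GetVersion() < 0x80000000)
+#endif
+
 /* AIX limits */
 #if defined(HAVE_GETUSERATTR) && !defined(S_UFSIZE_HARD) && defined(S_UFSIZE)
 # define S_UFSIZE_HARD S_UFSIZE "_hard"
@@ -503,6 +509,10 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
  do_child(command, pw, NULL, s->display, s->auth_proto, s->auth_data, NULL);
  /* NOTREACHED */
  }
+#ifdef HAVE_CYGWIN
+ if (is_winnt)
+ cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
+#endif
  if (pid < 0)
  packet_disconnect("fork failed: %.100s", strerror(errno));
  s->pid = pid;
@@ -594,6 +604,10 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
  s->auth_data, s->tty);
  /* NOTREACHED */
  }
+#ifdef HAVE_CYGWIN
+ if (is_winnt)
+ cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
+#endif
  if (pid < 0)
  packet_disconnect("fork failed: %.100s", strerror(errno));
  s->pid = pid;
@@ -973,7 +987,11 @@ do_child(const char *command, struct passwd * pw, const char *term,
  exit(1);
  }
 #else /* HAVE_OSF_SIA */
+#ifdef HAVE_CYGWIN
+ if (is_winnt) {
+#else
  if (getuid() == 0 || geteuid() == 0) {
+#endif
 # ifdef HAVE_GETUSERATTR
  set_limits_from_userattr(pw->pw_name);
 # endif /* HAVE_GETUSERATTR */
@@ -1018,6 +1036,9 @@ do_child(const char *command, struct passwd * pw, const char *term,
  }
 #endif /* HAVE_OSF_SIA */
 
+#ifdef HAVE_CYGWIN
+ if (is_winnt)
+#endif
  if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
  fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
  }
@@ -1047,6 +1068,22 @@ do_child(const char *command, struct passwd * pw, const char *term,
  env = xmalloc(envsize * sizeof(char *));
  env[0] = NULL;
 
+#ifdef HAVE_CYGWIN
+ /*
+ * The Windows environment contains some setting which are
+ * important for a running system. They must not be dropped.
+ */
+ {
+ char **ep;
+ for (ep = environ; *ep; ++ep) {
+ char *esp = strchr(*ep, '=');
+ *esp = '\0';
+ child_set_env(&env, &envsize, *ep, esp + 1);
+ *esp = '=';
+ }
+ }
+#endif
+
  if (!options.use_login) {
  /* Set basic environment. */
  child_set_env(&env, &envsize, "USER", pw->pw_name);
@@ -1056,8 +1093,16 @@ do_child(const char *command, struct passwd * pw, const char *term,
  (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
  child_set_env(&env, &envsize, "PATH", getenv("PATH"));
 #else
+#ifndef HAVE_CYGWIN
+ /*
+ * There's no standard path on Windows. The path contains
+ * important components pointing to the system directories,
+ * needed for loading shared libraries. So the path better
+ * remains intact here.
+ */
  child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
 #endif
+#endif
 
  snprintf(buf, sizeof buf, "%.200s/%.50s",
  _PATH_MAILDIR, pw->pw_name);
@@ -1234,11 +1279,13 @@ do_child(const char *command, struct passwd * pw, const char *term,
  "Running %.100s add %.100s %.100s %.100s\n",
  options.xauth_location, display,
  auth_proto, auth_data);
+#ifndef HAVE_CYGWIN
  if (screen != NULL)
  fprintf(stderr,
  "Adding %.*s/unix%s %s %s\n",
  (int)(screen-display), display,
  screen, auth_proto, auth_data);
+#endif
  }
  snprintf(cmd, sizeof cmd, "%s -q -",
  options.xauth_location);
@@ -1246,10 +1293,12 @@ do_child(const char *command, struct passwd * pw, const char *term,
  if (f) {
  fprintf(f, "add %s %s %s\n", display,
  auth_proto, auth_data);
+#ifndef HAVE_CYGWIN
  if (screen != NULL)
  fprintf(f, "add %.*s/unix%s %s %s\n",
  (int)(screen-display), display,
  screen, auth_proto, auth_data);
+#endif
  pclose(f);
  } else {
  fprintf(stderr, "Could not run %s\n",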
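--- a/ssh.c
+++ b/ssh.c
@@ -215,6 +215,7 @@ main(int ac, char **av)
  original_real_uid = getuid();
  original_effective_uid = geteuid();
 
+#ifndef HAVE_CYGWIN
  /* If we are installed setuid root be careful to not drop core. */
  if (original_real_uid != original_effective_uid) {
  struct rlimit rlim;
@@ -222,6 +223,7 @@ main(int ac, char **av)
  if (setrlimit(RLIMIT_CORE, &rlim) < 0)
  fatal("setrlimit failed: %.100s", strerror(errno));
  }
+#endif
  /*
  * Use uid-swapping to give up root privileges for the duration of
  * option processing. We will re-instantiate the rights when we are
@@ -253,8 +255,17 @@ main(int ac, char **av)
  cp = strrchr(av0, '/') + 1;
  else
  cp = av0;
+#ifdef HAVE_CYGWIN
+ if (strcasecmp(cp, "rsh") && strcasecmp(cp, "ssh") &&
+ strcasecmp(cp, "rlogin") && strcasecmp(cp, "slogin") &&
+ strcasecmp(cp, "remsh") &&
+ strcasecmp(cp, "rsh.exe") && strcasecmp(cp, "ssh.exe") &&
+ strcasecmp(cp, "rlogin.exe") && strcasecmp(cp, "slogin.exe") &&
+ strcasecmp(cp, "remsh.exe"))
+#else
  if (strcmp(cp, "rsh") && strcmp(cp, "ssh") && strcmp(cp, "rlogin") &&
  strcmp(cp, "slogin") && strcmp(cp, "remsh"))
+#endif
  host = cp;
 
  for (optind = 1; optind < ac; optind++) {
@@ -551,7 +562,12 @@ main(int ac, char **av)
  }
  }
  /* Disable rhosts authentication if not running as root. */
+#ifdef HAVE_CYGWIN
+ /* Ignore uid if running under Windows */
+ if (!options.use_privileged_port) {
+#else
  if (original_effective_uid != 0 || !options.use_privileged_port) {
+#endif
  options.rhosts_authentication = 0;
  options.rhosts_rsa_authentication = 0;
  }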
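Review bot: In the last hunk the HAVE_CYGWIN branch leaves `options.rhosts_authentication` and `options.rhosts_rsa_authentication` enabled for every local user whenever `options.use_privileged_port` is set, while the comment above it still reads "if not running as root". The added `/* Ignore uid if running under Windows */` says what is done but not why or what it costs. I would replace it with something like `/* Cygwin: no root uid to test, so the uid check is skipped; a reserved source port from such a host is not evidence of privilege */`, though the premise about Windows ports is inferred and not shown on this page. The `if (...) {` opener is also duplicated across `#ifdef`/`#else`, as is the `if` in the argv[0] name check of the third hunk; computing the condition into one local and keeping a single `if` avoids an unbalanced brace in each branch. main() starts and ends outside these hunks.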
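--- a/sshconnect.c
+++ b/sshconnect.c
@@ -243,7 +243,11 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 
  /* Create a socket for connecting. */
  sock = ssh_create_socket(original_real_uid,
+#ifdef HAVE_CYGWIN
+ !anonymous && port < IPPORT_RESERVED,
+#else
  !anonymous && geteuid() == 0 && port < IPPORT_RESERVED,
+#endif
  ai->ai_family);
  if (sock < 0)
  continue;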
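Review bot: The second argument to `ssh_create_socket` loses its `geteuid() == 0` test under HAVE_CYGWIN with no comment saying why, so on that platform the flag is set for any user whenever `!anonymous && port < IPPORT_RESERVED` holds. A one-line comment above the `#ifdef`, such as `/* Cygwin: no root uid to test; the privileged flag depends on the port alone */`, would record the intent. Placing `#ifdef`/`#else` inside the argument list is also fragile; assigning the expression to a local (for example `int privileged`) before the call keeps the call itself unconditional. How ssh_create_socket behaves when that flag is set but the bind is refused is not visible here and is worth confirming for the Cygwin case. ssh_connect's body continues outside the hunk.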
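--- a/sshd.c
+++ b/sshd.c
@@ -765,7 +765,7 @@ main(int ac, char **av)
  * fail if there already is a daemon, and this will
  * overwrite any old pid in the file.
  */
- f = fopen(options.pid_file, "w");
+ f = fopen(options.pid_file, "wb");
  if (f) {
  fprintf(f, "%u\n", (unsigned int) getpid());
  fclose(f);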