5 files changed, 84 insertions, 24 deletions
diff --git a/ChangeLog b/ChangeLog
index 507469abc..b298318e4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 20000916
+ - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
 - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
   Patch from Larry Jones <larry.jones@sdrc.com>
 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM 
diff --git a/auth1.c b/auth1.c
index 43faa67f3..99639b59f 100644
--- a/auth1.c
+++ b/auth1.c
@@ -29,11 +29,6 @@ RCSID("$OpenBSD: auth1.c,v 1.4 2000/09/07 20:27:49 deraadt Exp $");
 # include <siad.h>
 #endif
-#ifdef HAVE_CYGWIN
-#include <windows.h>
-#define is_winnt       (GetVersion() < 0x80000000)
-#endif
 /* import */
 extern ServerOptions options;
 extern char *forced_command;
@@ -383,16 +378,8 @@ do_authloop(struct passwd * pw)
                }
 #ifdef HAVE_CYGWIN
-                /*
+                if (authenticated &&
-                 * The only authentication which is able to change the user
+                    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
-                 * context on NT systems is the password authentication. So
-                 * we deny all requsts for changing the user context if another
-                 * authentication method is used.
-                 * This may change in future when a special openssh
-                 * subauthentication package is available.
-                 */
-                if (is_winnt && type != SSH_CMSG_AUTH_PASSWORD &&
-                    authenticated && geteuid() != pw->pw_uid) {
                        packet_disconnect("Authentication rejected for uid %d.",
                                          (int) pw->pw_uid);
                        authenticated = 0;
diff --git a/auth2.c b/auth2.c
index 804afd8d6..8b0a4bc6a 100644
--- a/auth2.c
+++ b/auth2.c
@@ -182,6 +182,15 @@ input_userauth_request(int type, int plen)
                        authenticated = ssh2_auth_pubkey(pw, service);
                }
        }
+#ifdef HAVE_CYGWIN
+        if (authenticated && !check_nt_auth(strcmp(method, "password") == 0, pw->pw_uid)) {
+                packet_disconnect("Authentication rejected for uid %d.",
+                                  (int) pw->pw_uid);
+                authenticated = 0;
+        }
+#endif
        if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) {
                authenticated = 0;
                log("ROOT LOGIN REFUSED FROM %.200s",
@@ -189,8 +198,8 @@ input_userauth_request(int type, int plen)
        }
 #ifdef USE_PAM
-                if (authenticated && !do_pam_account(pw->pw_name, NULL))
+        if (authenticated && !do_pam_account(pw->pw_name, NULL))
-                        authenticated = 0;
+                authenticated = 0;
 #endif /* USE_PAM */
        /* Raise logging level */
diff --git a/authfile.c b/authfile.c
index 0a5bae96f..66bdc0ef1 100644
--- a/authfile.c
+++ b/authfile.c
@@ -479,12 +479,10 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
        if (fd < 0)
                return 0;
-#ifndef HAVE_CYGWIN
+        /* check owner and modes.  */
-        /*
+#ifdef HAVE_CYGWIN
-         * check owner and modes.
+        if (check_ntsec(filename))
-         * This won't work on Windows under all circumstances so we drop
+#endif
-         * that check for now.
-         */
        if (fstat(fd, &st) < 0 ||
            (st.st_uid != 0 && st.st_uid != getuid()) ||
            (st.st_mode & 077) != 0) {
@@ -497,7 +495,6 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
                error("It is recommended that your private key files are NOT accessible by others.");
                return 0;
        }
-#endif
        switch (key->type) {
        case KEY_RSA:
                if (key->rsa->e != NULL) {
diff --git a/cygwin_util.c b/cygwin_util.c
index 13bd66347..88748c4fb 100644
--- a/cygwin_util.c
+++ b/cygwin_util.c
@@ -18,6 +18,10 @@
 #ifdef HAVE_CYGWIN
 #include <fcntl.h>
 #include <io.h>
+#include <stdlib.h>
+#include <sys/vfs.h>
+#include <windows.h>
+#define is_winnt       (GetVersion() < 0x80000000)
 int binary_open(const char *filename, int flags, mode_t mode)
 {
@@ -31,5 +35,67 @@ int binary_pipe(int fd[2])
               setmode (fd[0], O_BINARY);
               setmode (fd[1], O_BINARY);
       }
+       return ret;
+}
+int check_nt_auth (int pwd_authenticated, uid_t uid)
+{
+        /*
+         * The only authentication which is able to change the user
+         * context on NT systems is the password authentication. So
+         * we deny all requsts for changing the user context if another
+         * authentication method is used.
+         * This may change in future when a special openssh
+         * subauthentication package is available.
+         */
+        if (is_winnt && !pwd_authenticated && geteuid() != uid)
+                return 0;
+        return 1;
+}
+int check_ntsec (const char *filename)
+{
+        char *cygwin;
+        int allow_ntea = 0;
+        int allow_ntsec = 0;
+        struct statfs fsstat;
+        /* Windows 95/98/ME don't support file system security at all. */
+        if (!is_winnt)
+                return 0;
+        /* Evaluate current CYGWIN settings. */
+        if ((cygwin = getenv("CYGWIN")) != NULL) {
+                if (strstr(cygwin, "ntea") && !strstr(cygwin, "nontea"))
+                        allow_ntea = 1;
+                if (strstr(cygwin, "ntsec") && !strstr(cygwin, "nontsec"))
+                        allow_ntsec = 1;
+        }
+        /*
+         * `ntea' is an emulation of POSIX attributes. It doesn't support
+         * real file level security as ntsec on NTFS file systems does
+         * but it supports FAT filesystems. `ntea' is minimum requirement
+         * for security checks.
+         */
+        if (allow_ntea)
+                return 1;
+        /*
+         * Retrieve file system flags. In Cygwin, file system flags are
+         * copied to f_type which has no meaning in Win32 itself.
+         */
+        if (statfs(filename, &fsstat))
+                return 1;
+        /*
+         * Only file systems supporting ACLs are able to set permissions.
+         * `ntsec' is the setting in Cygwin which switches using of NTFS
+         * ACLs to support POSIX permissions on files.
+         */
+        if (fsstat.f_type & FS_PERSISTENT_ACLS)
+                return allow_ntsec;
+        return 0;
 }
 #endif

diff --git a/ChangeLog b/ChangeLog index 507469abc..b298318e4 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,4 +1,5 @@
1	20000916	1	20000916
		2	- (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
2	- (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.	3	- (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
3	Patch from Larry Jones <larry.jones@sdrc.com>	4	Patch from Larry Jones <larry.jones@sdrc.com>
4	- (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM	5	- (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM


diff --git a/auth1.c b/auth1.c index 43faa67f3..99639b59f 100644 --- a/auth1.c +++ b/auth1.c
@@ -29,11 +29,6 @@ RCSID("$OpenBSD: auth1.c,v 1.4 2000/09/07 20:27:49 deraadt Exp $");
29	# include <siad.h>	29	# include <siad.h>
30	#endif	30	#endif
31		31
32	#ifdef HAVE_CYGWIN
33	#include <windows.h>
34	#define is_winnt (GetVersion() < 0x80000000)
35	#endif
36
37	/* import */	32	/* import */
38	extern ServerOptions options;	33	extern ServerOptions options;
39	extern char *forced_command;	34	extern char *forced_command;
@@ -383,16 +378,8 @@ do_authloop(struct passwd * pw)
383	}	378	}
384		379
385	#ifdef HAVE_CYGWIN	380	#ifdef HAVE_CYGWIN
386	/*	381	if (authenticated &&
387	* The only authentication which is able to change the user	382	!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
388	* context on NT systems is the password authentication. So
389	* we deny all requsts for changing the user context if another
390	* authentication method is used.
391	* This may change in future when a special openssh
392	* subauthentication package is available.
393	*/
394	if (is_winnt && type != SSH_CMSG_AUTH_PASSWORD &&
395	authenticated && geteuid() != pw->pw_uid) {
396	packet_disconnect("Authentication rejected for uid %d.",	383	packet_disconnect("Authentication rejected for uid %d.",
397	(int) pw->pw_uid);	384	(int) pw->pw_uid);
398	authenticated = 0;	385	authenticated = 0;


diff --git a/auth2.c b/auth2.c index 804afd8d6..8b0a4bc6a 100644 --- a/auth2.c +++ b/auth2.c
@@ -182,6 +182,15 @@ input_userauth_request(int type, int plen)
182	authenticated = ssh2_auth_pubkey(pw, service);	182	authenticated = ssh2_auth_pubkey(pw, service);
183	}	183	}
184	}	184	}
		185
		186	#ifdef HAVE_CYGWIN
		187	if (authenticated && !check_nt_auth(strcmp(method, "password") == 0, pw->pw_uid)) {
		188	packet_disconnect("Authentication rejected for uid %d.",
		189	(int) pw->pw_uid);
		190	authenticated = 0;
		191	}
		192	#endif
		193
185	if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) {	194	if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) {
186	authenticated = 0;	195	authenticated = 0;
187	log("ROOT LOGIN REFUSED FROM %.200s",	196	log("ROOT LOGIN REFUSED FROM %.200s",
@@ -189,8 +198,8 @@ input_userauth_request(int type, int plen)
189	}	198	}
190		199
191	#ifdef USE_PAM	200	#ifdef USE_PAM
192	if (authenticated && !do_pam_account(pw->pw_name, NULL))	201	if (authenticated && !do_pam_account(pw->pw_name, NULL))
193	authenticated = 0;	202	authenticated = 0;
194	#endif /* USE_PAM */	203	#endif /* USE_PAM */
195		204
196	/* Raise logging level */	205	/* Raise logging level */


diff --git a/authfile.c b/authfile.c index 0a5bae96f..66bdc0ef1 100644 --- a/authfile.c +++ b/authfile.c
@@ -479,12 +479,10 @@ load_private_key(const char filename, const char passphrase, Key *key,
479	if (fd < 0)	479	if (fd < 0)
480	return 0;	480	return 0;
481		481
482	#ifndef HAVE_CYGWIN	482	/* check owner and modes. */
483	/*	483	#ifdef HAVE_CYGWIN
484	* check owner and modes.	484	if (check_ntsec(filename))
485	* This won't work on Windows under all circumstances so we drop	485	#endif
486	* that check for now.
487	*/
488	if (fstat(fd, &st) < 0 \|\|	486	if (fstat(fd, &st) < 0 \|\|
489	(st.st_uid != 0 && st.st_uid != getuid()) \|\|	487	(st.st_uid != 0 && st.st_uid != getuid()) \|\|
490	(st.st_mode & 077) != 0) {	488	(st.st_mode & 077) != 0) {
@@ -497,7 +495,6 @@ load_private_key(const char filename, const char passphrase, Key *key,
497	error("It is recommended that your private key files are NOT accessible by others.");	495	error("It is recommended that your private key files are NOT accessible by others.");
498	return 0;	496	return 0;
499	}	497	}
500	#endif
501	switch (key->type) {	498	switch (key->type) {
502	case KEY_RSA:	499	case KEY_RSA:
503	if (key->rsa->e != NULL) {	500	if (key->rsa->e != NULL) {


diff --git a/cygwin_util.c b/cygwin_util.c index 13bd66347..88748c4fb 100644 --- a/cygwin_util.c +++ b/cygwin_util.c
@@ -18,6 +18,10 @@
18	#ifdef HAVE_CYGWIN	18	#ifdef HAVE_CYGWIN
19	#include <fcntl.h>	19	#include <fcntl.h>
20	#include <io.h>	20	#include <io.h>
		21	#include <stdlib.h>
		22	#include <sys/vfs.h>
		23	#include <windows.h>
		24	#define is_winnt (GetVersion() < 0x80000000)
21		25
22	int binary_open(const char *filename, int flags, mode_t mode)	26	int binary_open(const char *filename, int flags, mode_t mode)
23	{	27	{
@@ -31,5 +35,67 @@ int binary_pipe(int fd[2])
31	setmode (fd[0], O_BINARY);	35	setmode (fd[0], O_BINARY);
32	setmode (fd[1], O_BINARY);	36	setmode (fd[1], O_BINARY);
33	}	37	}
		38	return ret;
		39	}
		40
		41	int check_nt_auth (int pwd_authenticated, uid_t uid)
		42	{
		43	/*
		44	* The only authentication which is able to change the user
		45	* context on NT systems is the password authentication. So
		46	* we deny all requsts for changing the user context if another
		47	* authentication method is used.
		48	* This may change in future when a special openssh
		49	* subauthentication package is available.
		50	*/
		51	if (is_winnt && !pwd_authenticated && geteuid() != uid)
		52	return 0;
		53	return 1;
		54	}
		55
		56	int check_ntsec (const char *filename)
		57	{
		58	char *cygwin;
		59	int allow_ntea = 0;
		60	int allow_ntsec = 0;
		61	struct statfs fsstat;
		62
		63	/* Windows 95/98/ME don't support file system security at all. */
		64	if (!is_winnt)
		65	return 0;
		66
		67	/* Evaluate current CYGWIN settings. */
		68	if ((cygwin = getenv("CYGWIN")) != NULL) {
		69	if (strstr(cygwin, "ntea") && !strstr(cygwin, "nontea"))
		70	allow_ntea = 1;
		71	if (strstr(cygwin, "ntsec") && !strstr(cygwin, "nontsec"))
		72	allow_ntsec = 1;
		73	}
		74
		75	/*
		76	* `ntea' is an emulation of POSIX attributes. It doesn't support
		77	* real file level security as ntsec on NTFS file systems does
		78	* but it supports FAT filesystems. `ntea' is minimum requirement
		79	* for security checks.
		80	*/
		81	if (allow_ntea)
		82	return 1;
		83
		84	/*
		85	* Retrieve file system flags. In Cygwin, file system flags are
		86	* copied to f_type which has no meaning in Win32 itself.
		87	*/
		88	if (statfs(filename, &fsstat))
		89	return 1;
		90
		91	/*
		92	* Only file systems supporting ACLs are able to set permissions.
		93	* `ntsec' is the setting in Cygwin which switches using of NTFS
		94	* ACLs to support POSIX permissions on files.
		95	*/
		96	if (fsstat.f_type & FS_PERSISTENT_ACLS)
		97	return allow_ntsec;
		98
		99	return 0;
34	}	100	}
35	#endif	101	#endif