diff options
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | auth1.c | 17 | ||||
-rw-r--r-- | auth2.c | 13 | ||||
-rw-r--r-- | authfile.c | 11 | ||||
-rw-r--r-- | cygwin_util.c | 66 |
5 files changed, 84 insertions, 24 deletions
@@ -1,4 +1,5 @@ | |||
1 | 20000916 | 1 | 20000916 |
2 | - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com> | ||
2 | - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. | 3 | - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. |
3 | Patch from Larry Jones <larry.jones@sdrc.com> | 4 | Patch from Larry Jones <larry.jones@sdrc.com> |
4 | - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM | 5 | - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM |
@@ -29,11 +29,6 @@ RCSID("$OpenBSD: auth1.c,v 1.4 2000/09/07 20:27:49 deraadt Exp $"); | |||
29 | # include <siad.h> | 29 | # include <siad.h> |
30 | #endif | 30 | #endif |
31 | 31 | ||
32 | #ifdef HAVE_CYGWIN | ||
33 | #include <windows.h> | ||
34 | #define is_winnt (GetVersion() < 0x80000000) | ||
35 | #endif | ||
36 | |||
37 | /* import */ | 32 | /* import */ |
38 | extern ServerOptions options; | 33 | extern ServerOptions options; |
39 | extern char *forced_command; | 34 | extern char *forced_command; |
@@ -383,16 +378,8 @@ do_authloop(struct passwd * pw) | |||
383 | } | 378 | } |
384 | 379 | ||
385 | #ifdef HAVE_CYGWIN | 380 | #ifdef HAVE_CYGWIN |
386 | /* | 381 | if (authenticated && |
387 | * The only authentication which is able to change the user | 382 | !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { |
388 | * context on NT systems is the password authentication. So | ||
389 | * we deny all requsts for changing the user context if another | ||
390 | * authentication method is used. | ||
391 | * This may change in future when a special openssh | ||
392 | * subauthentication package is available. | ||
393 | */ | ||
394 | if (is_winnt && type != SSH_CMSG_AUTH_PASSWORD && | ||
395 | authenticated && geteuid() != pw->pw_uid) { | ||
396 | packet_disconnect("Authentication rejected for uid %d.", | 383 | packet_disconnect("Authentication rejected for uid %d.", |
397 | (int) pw->pw_uid); | 384 | (int) pw->pw_uid); |
398 | authenticated = 0; | 385 | authenticated = 0; |
@@ -182,6 +182,15 @@ input_userauth_request(int type, int plen) | |||
182 | authenticated = ssh2_auth_pubkey(pw, service); | 182 | authenticated = ssh2_auth_pubkey(pw, service); |
183 | } | 183 | } |
184 | } | 184 | } |
185 | |||
186 | #ifdef HAVE_CYGWIN | ||
187 | if (authenticated && !check_nt_auth(strcmp(method, "password") == 0, pw->pw_uid)) { | ||
188 | packet_disconnect("Authentication rejected for uid %d.", | ||
189 | (int) pw->pw_uid); | ||
190 | authenticated = 0; | ||
191 | } | ||
192 | #endif | ||
193 | |||
185 | if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) { | 194 | if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) { |
186 | authenticated = 0; | 195 | authenticated = 0; |
187 | log("ROOT LOGIN REFUSED FROM %.200s", | 196 | log("ROOT LOGIN REFUSED FROM %.200s", |
@@ -189,8 +198,8 @@ input_userauth_request(int type, int plen) | |||
189 | } | 198 | } |
190 | 199 | ||
191 | #ifdef USE_PAM | 200 | #ifdef USE_PAM |
192 | if (authenticated && !do_pam_account(pw->pw_name, NULL)) | 201 | if (authenticated && !do_pam_account(pw->pw_name, NULL)) |
193 | authenticated = 0; | 202 | authenticated = 0; |
194 | #endif /* USE_PAM */ | 203 | #endif /* USE_PAM */ |
195 | 204 | ||
196 | /* Raise logging level */ | 205 | /* Raise logging level */ |
diff --git a/authfile.c b/authfile.c index 0a5bae96f..66bdc0ef1 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -479,12 +479,10 @@ load_private_key(const char *filename, const char *passphrase, Key *key, | |||
479 | if (fd < 0) | 479 | if (fd < 0) |
480 | return 0; | 480 | return 0; |
481 | 481 | ||
482 | #ifndef HAVE_CYGWIN | 482 | /* check owner and modes. */ |
483 | /* | 483 | #ifdef HAVE_CYGWIN |
484 | * check owner and modes. | 484 | if (check_ntsec(filename)) |
485 | * This won't work on Windows under all circumstances so we drop | 485 | #endif |
486 | * that check for now. | ||
487 | */ | ||
488 | if (fstat(fd, &st) < 0 || | 486 | if (fstat(fd, &st) < 0 || |
489 | (st.st_uid != 0 && st.st_uid != getuid()) || | 487 | (st.st_uid != 0 && st.st_uid != getuid()) || |
490 | (st.st_mode & 077) != 0) { | 488 | (st.st_mode & 077) != 0) { |
@@ -497,7 +495,6 @@ load_private_key(const char *filename, const char *passphrase, Key *key, | |||
497 | error("It is recommended that your private key files are NOT accessible by others."); | 495 | error("It is recommended that your private key files are NOT accessible by others."); |
498 | return 0; | 496 | return 0; |
499 | } | 497 | } |
500 | #endif | ||
501 | switch (key->type) { | 498 | switch (key->type) { |
502 | case KEY_RSA: | 499 | case KEY_RSA: |
503 | if (key->rsa->e != NULL) { | 500 | if (key->rsa->e != NULL) { |
diff --git a/cygwin_util.c b/cygwin_util.c index 13bd66347..88748c4fb 100644 --- a/cygwin_util.c +++ b/cygwin_util.c | |||
@@ -18,6 +18,10 @@ | |||
18 | #ifdef HAVE_CYGWIN | 18 | #ifdef HAVE_CYGWIN |
19 | #include <fcntl.h> | 19 | #include <fcntl.h> |
20 | #include <io.h> | 20 | #include <io.h> |
21 | #include <stdlib.h> | ||
22 | #include <sys/vfs.h> | ||
23 | #include <windows.h> | ||
24 | #define is_winnt (GetVersion() < 0x80000000) | ||
21 | 25 | ||
22 | int binary_open(const char *filename, int flags, mode_t mode) | 26 | int binary_open(const char *filename, int flags, mode_t mode) |
23 | { | 27 | { |
@@ -31,5 +35,67 @@ int binary_pipe(int fd[2]) | |||
31 | setmode (fd[0], O_BINARY); | 35 | setmode (fd[0], O_BINARY); |
32 | setmode (fd[1], O_BINARY); | 36 | setmode (fd[1], O_BINARY); |
33 | } | 37 | } |
38 | return ret; | ||
39 | } | ||
40 | |||
41 | int check_nt_auth (int pwd_authenticated, uid_t uid) | ||
42 | { | ||
43 | /* | ||
44 | * The only authentication which is able to change the user | ||
45 | * context on NT systems is the password authentication. So | ||
46 | * we deny all requsts for changing the user context if another | ||
47 | * authentication method is used. | ||
48 | * This may change in future when a special openssh | ||
49 | * subauthentication package is available. | ||
50 | */ | ||
51 | if (is_winnt && !pwd_authenticated && geteuid() != uid) | ||
52 | return 0; | ||
53 | return 1; | ||
54 | } | ||
55 | |||
56 | int check_ntsec (const char *filename) | ||
57 | { | ||
58 | char *cygwin; | ||
59 | int allow_ntea = 0; | ||
60 | int allow_ntsec = 0; | ||
61 | struct statfs fsstat; | ||
62 | |||
63 | /* Windows 95/98/ME don't support file system security at all. */ | ||
64 | if (!is_winnt) | ||
65 | return 0; | ||
66 | |||
67 | /* Evaluate current CYGWIN settings. */ | ||
68 | if ((cygwin = getenv("CYGWIN")) != NULL) { | ||
69 | if (strstr(cygwin, "ntea") && !strstr(cygwin, "nontea")) | ||
70 | allow_ntea = 1; | ||
71 | if (strstr(cygwin, "ntsec") && !strstr(cygwin, "nontsec")) | ||
72 | allow_ntsec = 1; | ||
73 | } | ||
74 | |||
75 | /* | ||
76 | * `ntea' is an emulation of POSIX attributes. It doesn't support | ||
77 | * real file level security as ntsec on NTFS file systems does | ||
78 | * but it supports FAT filesystems. `ntea' is minimum requirement | ||
79 | * for security checks. | ||
80 | */ | ||
81 | if (allow_ntea) | ||
82 | return 1; | ||
83 | |||
84 | /* | ||
85 | * Retrieve file system flags. In Cygwin, file system flags are | ||
86 | * copied to f_type which has no meaning in Win32 itself. | ||
87 | */ | ||
88 | if (statfs(filename, &fsstat)) | ||
89 | return 1; | ||
90 | |||
91 | /* | ||
92 | * Only file systems supporting ACLs are able to set permissions. | ||
93 | * `ntsec' is the setting in Cygwin which switches using of NTFS | ||
94 | * ACLs to support POSIX permissions on files. | ||
95 | */ | ||
96 | if (fsstat.f_type & FS_PERSISTENT_ACLS) | ||
97 | return allow_ntsec; | ||
98 | |||
99 | return 0; | ||
34 | } | 100 | } |
35 | #endif | 101 | #endif |