-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | configure.ac | 22 | ||||
-rw-r--r-- | openbsd-compat/bsd-cygwin_util.c | 16 | ||||
-rw-r--r-- | openbsd-compat/bsd-cygwin_util.h | 6 |
4 files changed, 42 insertions, 6 deletions
@@ -3,6 +3,10 @@ | |||
3 | - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config | 3 | - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config |
4 | from Corinna Vinschen, fixing a number of bugs and preparing for | 4 | from Corinna Vinschen, fixing a number of bugs and preparing for |
5 | Cygwin 1.7.30. | 5 | Cygwin 1.7.30. |
6 | - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] | ||
7 | [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege | ||
8 | separation user at runtime, since it may need to be a domain account. | ||
9 | Patch from Corinna Vinschen. | ||
6 | 10 | ||
7 | 20140522 | 11 | 20140522 |
8 | - (djm) [Makefile.in] typo in path | 12 | - (djm) [Makefile.in] typo in path |
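diff --git a/configure.ac b/configure.ac
index 7a89b57e6..66fbe821f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.574 2014/05/21 07:06:47 djm Exp $
+# $Id: configure.ac,v 1.575 2014/05/27 04:34:43 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.574 $)
+AC_REVISION($Revision: 1.575 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -2871,7 +2871,14 @@ if test "x$PAM_MSG" = "xyes" ; then
 ])
 fi
 
-SSH_PRIVSEP_USER=sshd
+case "$host" in
+*-*-cygwin*)
+SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
+;;
+*)
+SSH_PRIVSEP_USER=sshd
+;;
+esac
 AC_ARG_WITH([privsep-user],
 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
 [
@@ -2881,8 +2888,13 @@ AC_ARG_WITH([privsep-user],
 fi
 ]
 )
-AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
-[non-privileged user for privilege separation])
+if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
+AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
+[Cygwin function to fetch non-privileged user for privilege separation])
+else
+AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
+[non-privileged user for privilege separation])
+fi
 AC_SUBST([SSH_PRIVSEP_USER])
 
 if test "x$have_linux_no_new_privs" = "x1" ; then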
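Review bot: The branch at new line 2891 selects the Cygwin runtime lookup by comparing the value of `SSH_PRIVSEP_USER` with the sentinel string `CYGWIN_SSH_PRIVSEP_USER`, so the mode is signalled in-band with a build-time setting: `--with-privsep-user=CYGWIN_SSH_PRIVSEP_USER` on a non-Cygwin host would emit a `#define` naming a macro that only the Cygwin compat header provides. Recording the decision in a separate variable set in the `*-*-cygwin*)` arm, and cleared when `--with-privsep-user` is given, would keep the account name and the mode apart. `AC_SUBST([SSH_PRIVSEP_USER])` still runs afterwards, so on Cygwin any template that substitutes `@SSH_PRIVSEP_USER@` would presumably receive the sentinel text rather than an account name; those templates are outside this diff. The body of the `AC_ARG_WITH` handler lies between the last two hunks and is not visible here.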
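diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 267e77a11..a2d82126d 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -57,6 +57,22 @@ check_ntsec(const char *filename)
 return (pathconf(filename, _PC_POSIX_PERMISSIONS));
 }
 
+const char *
+cygwin_ssh_privsep_user()
+{
+static char cyg_privsep_user[DNLEN + UNLEN + 2];
+
+if (!cyg_privsep_user[0])
+{
+#ifdef CW_CYGNAME_FROM_WINNAME
+if (cygwin_internal (CW_CYGNAME_FROM_WINNAME, "sshd", cyg_privsep_user,
+sizeof cyg_privsep_user) != 0)
+#endif
+strcpy (cyg_privsep_user, "sshd");
+}
+return cyg_privsep_user;
+}
+
 #define NL(x) x, (sizeof (x) - 1)
 #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
 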
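Review bot: `cygwin_ssh_privsep_user()` treats any zero return from `cygwin_internal` as success without checking that a name was actually written, and it falls back to `"sshd"` silently when the lookup fails. If the call can return 0 while leaving the buffer empty (not determinable from this hunk), the function hands an empty account name to its callers and repeats the lookup on every call; extending the condition to `... != 0 || cyg_privsep_user[0] == '\0')` closes that case. Because the ChangeLog entry says this name is the privilege separation user, a short comment stating the fallback and the `DNLEN + UNLEN + 2` sizing (domain, separator, user and NUL, as the names suggest) would help the next reader. The definition should also use `(void)` rather than an empty parameter list.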
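diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
index 1177366f1..79cb2a197 100644
--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-cygwin_util.h,v 1.17 2014/01/18 10:04:00 dtucker Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.18 2014/05/27 04:34:43 djm Exp $ */
 
 /*
 * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com>
@@ -39,6 +39,8 @@
 /* Avoid including windows headers. */
 typedef void *HANDLE;
 #define INVALID_HANDLE_VALUE ((HANDLE) -1)
+#define DNLEN 16
+#define UNLEN 256
 
 /* Cygwin functions for which declarations are only available when including
 windows headers, so we have to define them here explicitely. */
@@ -48,6 +50,8 @@ extern void cygwin_set_impersonation_token (const HANDLE);
 #include <sys/cygwin.h>
 #include <io.h>
 
+#define CYGWIN_SSH_PRIVSEP_USER (cygwin_ssh_privsep_user())
+const char *cygwin_ssh_privsep_user();
 
 int binary_open(const char *, int , ...);
 int check_ntsec(const char *);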
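Review bot: `const char *cygwin_ssh_privsep_user();` at new line 54 is an old-style declaration with no prototype, so calls are not checked against a parameter list; `const char *cygwin_ssh_privsep_user(void);` would match the other prototypes in this header. The new `DNLEN` and `UNLEN` definitions at new lines 42-43 stand in for values from the Windows headers this file deliberately avoids including, and they size the static buffer in bsd-cygwin_util.c, so a comment saying where the numbers come from would let a reader verify them. Wrapping each in `#ifndef` would also avoid a redefinition clash should a translation unit pull in the Windows headers as well.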