diff options
author | mouring <mouring> | 2001-07-18 16:19:48 +0000 |
---|---|---|
committer | mouring <mouring> | 2001-07-18 16:19:48 +0000 |
commit | c30db2e5ad483f38cc7861b12342ef68fb40a181 (patch) | |
tree | a3c832ab8d730481ad0606e57d05e53750ae64b1 /openbsd-compat | |
parent | aab3c1f0b8614d45e40c90bcb7f2139bede18ff4 (diff) | |
download | openssh-c30db2e5ad483f38cc7861b12342ef68fb40a181.tar.gz |
- (bal) Allow sshd to switch user context without password for Cygwin.
Patch by Corinna Vinschen <vinschen@redhat.com>
Diffstat (limited to 'openbsd-compat')
-rw-r--r-- | openbsd-compat/bsd-cygwin_util.c | 47 |
1 files changed, 35 insertions, 12 deletions
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 36f13e3f..87f36c0c 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -15,16 +15,20 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.4 2001/04/13 14:28:42 djm Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.5 2001/07/18 16:19:49 mouring Exp $"); #ifdef HAVE_CYGWIN #include <fcntl.h> #include <stdlib.h> +#include <sys/utsname.h> #include <sys/vfs.h> #include <windows.h> #define is_winnt (GetVersion() < 0x80000000) +#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) +#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea")) + #if defined(open) && open == binary_open # undef open #endif @@ -61,12 +65,34 @@ int check_nt_auth(int pwd_authenticated, uid_t uid) * context on NT systems is the password authentication. So * we deny all requsts for changing the user context if another * authentication method is used. - * This may change in future when a special openssh - * subauthentication package is available. + * + * This doesn't apply to Cygwin versions >= 1.3.2 anymore which + * uses the undocumented NtCreateToken() call to create a user + * token if the process has the appropriate privileges and if + * CYGWIN ntsec setting is on. */ - if (is_winnt && !pwd_authenticated && geteuid() != uid) - return 0; - + static int has_create_token = -1; + + if (is_winnt) { + if (has_create_token < 0) { + struct utsname uts; + int major_high = 0, major_low = 0, minor = 0; + char *cygwin = getenv("CYGWIN"); + + has_create_token = 0; + if (ntsec_on(cygwin) && !uname(&uts)) { + sscanf(uts.release, "%d.%d.%d", + &major_high, &major_low, &minor); + if (major_high > 1 || + (major_high == 1 && (major_low > 3 || + (major_low == 3 && minor >= 2)))) + has_create_token = 1; + } + } + if (has_create_token < 1 && + !pwd_authenticated && geteuid() != uid) + return 0; + } return 1; } @@ -82,12 +108,9 @@ int check_ntsec(const char *filename) return 0; /* Evaluate current CYGWIN settings. */ - if ((cygwin = getenv("CYGWIN")) != NULL) { - if (strstr(cygwin, "ntea") && !strstr(cygwin, "nontea")) - allow_ntea = 1; - if (strstr(cygwin, "ntsec") && !strstr(cygwin, "nontsec")) - allow_ntsec = 1; - } + cygwin = getenv("CYGWIN"); + allow_ntea = ntea_on(cygwin); + allow_ntsec = ntsec_on(cygwin); /* * `ntea' is an emulation of POSIX attributes. It doesn't support |