From 6482d90a65459a88c18c925368525855832272b3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 27 May 2014 14:34:42 +1000 Subject: [PATCH] - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account. Patch from Corinna Vinschen. --- ChangeLog | 4 ++++ configure.ac | 22 +++++++++++++++++----- openbsd-compat/bsd-cygwin_util.c | 16 ++++++++++++++++ openbsd-compat/bsd-cygwin_util.h | 6 +++++- 4 files changed, 42 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index a79c2204c..d5192e470 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config from Corinna Vinschen, fixing a number of bugs and preparing for Cygwin 1.7.30. + - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] + [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege + separation user at runtime, since it may need to be a domain account. + Patch from Corinna Vinschen. 20140522 - (djm) [Makefile.in] typo in path diff --git a/configure.ac b/configure.ac index 7a89b57e6..66fbe821f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.574 2014/05/21 07:06:47 djm Exp $ +# $Id: configure.ac,v 1.575 2014/05/27 04:34:43 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.574 $) +AC_REVISION($Revision: 1.575 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2871,7 +2871,14 @@ if test "x$PAM_MSG" = "xyes" ; then ]) fi -SSH_PRIVSEP_USER=sshd +case "$host" in +*-*-cygwin*) + SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER + ;; +*) + SSH_PRIVSEP_USER=sshd + ;; +esac AC_ARG_WITH([privsep-user], [ --with-privsep-user=user Specify non-privileged user for privilege separation], [ @@ -2881,8 +2888,13 @@ AC_ARG_WITH([privsep-user], fi ] ) -AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], - [non-privileged user for privilege separation]) +if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then + AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], + [Cygwin function to fetch non-privileged user for privilege separation]) +else + AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], + [non-privileged user for privilege separation]) +fi AC_SUBST([SSH_PRIVSEP_USER]) if test "x$have_linux_no_new_privs" = "x1" ; then diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 267e77a11..a2d82126d 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -57,6 +57,22 @@ check_ntsec(const char *filename) return (pathconf(filename, _PC_POSIX_PERMISSIONS)); } +const char * +cygwin_ssh_privsep_user() +{ + static char cyg_privsep_user[DNLEN + UNLEN + 2]; + + if (!cyg_privsep_user[0]) + { +#ifdef CW_CYGNAME_FROM_WINNAME + if (cygwin_internal (CW_CYGNAME_FROM_WINNAME, "sshd", cyg_privsep_user, + sizeof cyg_privsep_user) != 0) +#endif + strcpy (cyg_privsep_user, "sshd"); + } + return cyg_privsep_user; +} + #define NL(x) x, (sizeof (x) - 1) #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0])) diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 1177366f1..79cb2a197 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cygwin_util.h,v 1.17 2014/01/18 10:04:00 dtucker Exp $ */ +/* $Id: bsd-cygwin_util.h,v 1.18 2014/05/27 04:34:43 djm Exp $ */ /* * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen @@ -39,6 +39,8 @@ /* Avoid including windows headers. */ typedef void *HANDLE; #define INVALID_HANDLE_VALUE ((HANDLE) -1) +#define DNLEN 16 +#define UNLEN 256 /* Cygwin functions for which declarations are only available when including windows headers, so we have to define them here explicitely. */ @@ -48,6 +50,8 @@ extern void cygwin_set_impersonation_token (const HANDLE); #include #include +#define CYGWIN_SSH_PRIVSEP_USER (cygwin_ssh_privsep_user()) +const char *cygwin_ssh_privsep_user(); int binary_open(const char *, int , ...); int check_ntsec(const char *);