From b70b61f5fecf37d95e031414849745030fa8a420 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 16 Sep 2000 16:25:12 +1100 Subject: [PATCH] - (djm) Update CygWin support from Corinna Vinschen --- ChangeLog | 1 + auth1.c | 17 ++----------- auth2.c | 13 ++++++++-- authfile.c | 11 ++++----- cygwin_util.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 84 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index 507469abc..b298318e4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ 20000916 + - (djm) Update CygWin support from Corinna Vinschen - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. Patch from Larry Jones - (djm) Add Steve VanDevender's PAM diff --git a/auth1.c b/auth1.c index 43faa67f3..99639b59f 100644 --- a/auth1.c +++ b/auth1.c @@ -29,11 +29,6 @@ RCSID("$OpenBSD: auth1.c,v 1.4 2000/09/07 20:27:49 deraadt Exp $"); # include #endif -#ifdef HAVE_CYGWIN -#include -#define is_winnt (GetVersion() < 0x80000000) -#endif - /* import */ extern ServerOptions options; extern char *forced_command; @@ -383,16 +378,8 @@ do_authloop(struct passwd * pw) } #ifdef HAVE_CYGWIN - /* - * The only authentication which is able to change the user - * context on NT systems is the password authentication. So - * we deny all requsts for changing the user context if another - * authentication method is used. - * This may change in future when a special openssh - * subauthentication package is available. - */ - if (is_winnt && type != SSH_CMSG_AUTH_PASSWORD && - authenticated && geteuid() != pw->pw_uid) { + if (authenticated && + !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { packet_disconnect("Authentication rejected for uid %d.", (int) pw->pw_uid); authenticated = 0; diff --git a/auth2.c b/auth2.c index 804afd8d6..8b0a4bc6a 100644 --- a/auth2.c +++ b/auth2.c @@ -182,6 +182,15 @@ input_userauth_request(int type, int plen) authenticated = ssh2_auth_pubkey(pw, service); } } + +#ifdef HAVE_CYGWIN + if (authenticated && !check_nt_auth(strcmp(method, "password") == 0, pw->pw_uid)) { + packet_disconnect("Authentication rejected for uid %d.", + (int) pw->pw_uid); + authenticated = 0; + } +#endif + if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) { authenticated = 0; log("ROOT LOGIN REFUSED FROM %.200s", @@ -189,8 +198,8 @@ input_userauth_request(int type, int plen) } #ifdef USE_PAM - if (authenticated && !do_pam_account(pw->pw_name, NULL)) - authenticated = 0; + if (authenticated && !do_pam_account(pw->pw_name, NULL)) + authenticated = 0; #endif /* USE_PAM */ /* Raise logging level */ diff --git a/authfile.c b/authfile.c index 0a5bae96f..66bdc0ef1 100644 --- a/authfile.c +++ b/authfile.c @@ -479,12 +479,10 @@ load_private_key(const char *filename, const char *passphrase, Key *key, if (fd < 0) return 0; -#ifndef HAVE_CYGWIN - /* - * check owner and modes. - * This won't work on Windows under all circumstances so we drop - * that check for now. - */ + /* check owner and modes. */ +#ifdef HAVE_CYGWIN + if (check_ntsec(filename)) +#endif if (fstat(fd, &st) < 0 || (st.st_uid != 0 && st.st_uid != getuid()) || (st.st_mode & 077) != 0) { @@ -497,7 +495,6 @@ load_private_key(const char *filename, const char *passphrase, Key *key, error("It is recommended that your private key files are NOT accessible by others."); return 0; } -#endif switch (key->type) { case KEY_RSA: if (key->rsa->e != NULL) { diff --git a/cygwin_util.c b/cygwin_util.c index 13bd66347..88748c4fb 100644 --- a/cygwin_util.c +++ b/cygwin_util.c @@ -18,6 +18,10 @@ #ifdef HAVE_CYGWIN #include #include +#include +#include +#include +#define is_winnt (GetVersion() < 0x80000000) int binary_open(const char *filename, int flags, mode_t mode) { @@ -31,5 +35,67 @@ int binary_pipe(int fd[2]) setmode (fd[0], O_BINARY); setmode (fd[1], O_BINARY); } + return ret; +} + +int check_nt_auth (int pwd_authenticated, uid_t uid) +{ + /* + * The only authentication which is able to change the user + * context on NT systems is the password authentication. So + * we deny all requsts for changing the user context if another + * authentication method is used. + * This may change in future when a special openssh + * subauthentication package is available. + */ + if (is_winnt && !pwd_authenticated && geteuid() != uid) + return 0; + return 1; +} + +int check_ntsec (const char *filename) +{ + char *cygwin; + int allow_ntea = 0; + int allow_ntsec = 0; + struct statfs fsstat; + + /* Windows 95/98/ME don't support file system security at all. */ + if (!is_winnt) + return 0; + + /* Evaluate current CYGWIN settings. */ + if ((cygwin = getenv("CYGWIN")) != NULL) { + if (strstr(cygwin, "ntea") && !strstr(cygwin, "nontea")) + allow_ntea = 1; + if (strstr(cygwin, "ntsec") && !strstr(cygwin, "nontsec")) + allow_ntsec = 1; + } + + /* + * `ntea' is an emulation of POSIX attributes. It doesn't support + * real file level security as ntsec on NTFS file systems does + * but it supports FAT filesystems. `ntea' is minimum requirement + * for security checks. + */ + if (allow_ntea) + return 1; + + /* + * Retrieve file system flags. In Cygwin, file system flags are + * copied to f_type which has no meaning in Win32 itself. + */ + if (statfs(filename, &fsstat)) + return 1; + + /* + * Only file systems supporting ACLs are able to set permissions. + * `ntsec' is the setting in Cygwin which switches using of NTFS + * ACLs to support POSIX permissions on files. + */ + if (fsstat.f_type & FS_PERSISTENT_ACLS) + return allow_ntsec; + + return 0; } #endif