mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-11-23 09:17:32 +08:00
- (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old version of Cygwin. Patch from vinschen at redhat com.
This commit is contained in:
parent
3e7e15f1bd
commit
9d86e5d570
@ -1,3 +1,9 @@
|
||||
20090308
|
||||
- (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
|
||||
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
|
||||
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
|
||||
version of Cygwin. Patch from vinschen at redhat com.
|
||||
|
||||
20090307
|
||||
- (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it
|
||||
exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS
|
||||
|
@ -102,7 +102,7 @@ auth_password(Authctxt *authctxt, const char *password)
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (is_winnt) {
|
||||
{
|
||||
HANDLE hToken = cygwin_logon_user(pw, password);
|
||||
|
||||
if (hToken == INVALID_HANDLE_VALUE)
|
||||
|
10
auth1.c
10
auth1.c
@ -318,15 +318,7 @@ do_authloop(Authctxt *authctxt)
|
||||
}
|
||||
#endif /* _UNICOS */
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (authenticated &&
|
||||
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
|
||||
authctxt->pw)) {
|
||||
packet_disconnect("Authentication rejected for uid %d.",
|
||||
authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid);
|
||||
authenticated = 0;
|
||||
}
|
||||
#else
|
||||
#ifndef HAVE_CYGWIN
|
||||
/* Special handling for root */
|
||||
if (authenticated && authctxt->pw->pw_uid == 0 &&
|
||||
!auth_root_allowed(meth->name)) {
|
||||
|
@ -58,10 +58,6 @@ userauth_kbdint(Authctxt *authctxt)
|
||||
|
||||
xfree(devs);
|
||||
xfree(lang);
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (check_nt_auth(0, authctxt->pw) == 0)
|
||||
authenticated = 0;
|
||||
#endif
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
@ -61,10 +61,6 @@ userauth_none(Authctxt *authctxt)
|
||||
{
|
||||
none_enabled = 0;
|
||||
packet_check_eom();
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (check_nt_auth(1, authctxt->pw) == 0)
|
||||
return (0);
|
||||
#endif
|
||||
if (options.password_authentication)
|
||||
return (PRIVSEP(auth_password(authctxt, "")));
|
||||
return (0);
|
||||
|
@ -68,10 +68,6 @@ userauth_passwd(Authctxt *authctxt)
|
||||
logit("password change not supported");
|
||||
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
|
||||
authenticated = 1;
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (check_nt_auth(1, authctxt->pw) == 0)
|
||||
authenticated = 0;
|
||||
#endif
|
||||
memset(password, 0, len);
|
||||
xfree(password);
|
||||
return authenticated;
|
||||
|
@ -170,10 +170,6 @@ done:
|
||||
key_free(key);
|
||||
xfree(pkalg);
|
||||
xfree(pkblob);
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (check_nt_auth(0, authctxt->pw) == 0)
|
||||
authenticated = 0;
|
||||
#endif
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
@ -39,9 +39,6 @@
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/utsname.h>
|
||||
#include <sys/vfs.h>
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
@ -49,11 +46,6 @@
|
||||
#include <windows.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#define is_winnt (GetVersion() < 0x80000000)
|
||||
|
||||
#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
|
||||
#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
|
||||
#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
|
||||
|
||||
int
|
||||
binary_open(const char *filename, int flags, ...)
|
||||
@ -79,128 +71,12 @@ binary_pipe(int fd[2])
|
||||
return (ret);
|
||||
}
|
||||
|
||||
#define HAS_CREATE_TOKEN 1
|
||||
#define HAS_NTSEC_BY_DEFAULT 2
|
||||
#define HAS_CREATE_TOKEN_WO_NTSEC 3
|
||||
|
||||
static int
|
||||
has_capability(int what)
|
||||
{
|
||||
static int inited;
|
||||
static int has_create_token;
|
||||
static int has_ntsec_by_default;
|
||||
static int has_create_token_wo_ntsec;
|
||||
|
||||
/*
|
||||
* has_capability() basically calls uname() and checks if
|
||||
* specific capabilities of Cygwin can be evaluated from that.
|
||||
* This simplifies the calling functions which only have to ask
|
||||
* for a capability using has_capability() instead of having
|
||||
* to figure that out by themselves.
|
||||
*/
|
||||
if (!inited) {
|
||||
struct utsname uts;
|
||||
|
||||
if (!uname(&uts)) {
|
||||
int major_high = 0, major_low = 0, minor = 0;
|
||||
int api_major_version = 0, api_minor_version = 0;
|
||||
char *c;
|
||||
|
||||
sscanf(uts.release, "%d.%d.%d", &major_high,
|
||||
&major_low, &minor);
|
||||
if ((c = strchr(uts.release, '(')) != NULL) {
|
||||
sscanf(c + 1, "%d.%d", &api_major_version,
|
||||
&api_minor_version);
|
||||
}
|
||||
if (major_high > 1 ||
|
||||
(major_high == 1 && (major_low > 3 ||
|
||||
(major_low == 3 && minor >= 2))))
|
||||
has_create_token = 1;
|
||||
if (api_major_version > 0 || api_minor_version >= 56)
|
||||
has_ntsec_by_default = 1;
|
||||
if (major_high > 1 ||
|
||||
(major_high == 1 && major_low >= 5))
|
||||
has_create_token_wo_ntsec = 1;
|
||||
inited = 1;
|
||||
}
|
||||
}
|
||||
switch (what) {
|
||||
case HAS_CREATE_TOKEN:
|
||||
return (has_create_token);
|
||||
case HAS_NTSEC_BY_DEFAULT:
|
||||
return (has_ntsec_by_default);
|
||||
case HAS_CREATE_TOKEN_WO_NTSEC:
|
||||
return (has_create_token_wo_ntsec);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
check_nt_auth(int pwd_authenticated, struct passwd *pw)
|
||||
{
|
||||
/*
|
||||
* The only authentication which is able to change the user
|
||||
* context on NT systems is the password authentication. So
|
||||
* we deny all requsts for changing the user context if another
|
||||
* authentication method is used.
|
||||
*
|
||||
* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
|
||||
* uses the undocumented NtCreateToken() call to create a user
|
||||
* token if the process has the appropriate privileges and if
|
||||
* CYGWIN ntsec setting is on.
|
||||
*/
|
||||
static int has_create_token = -1;
|
||||
|
||||
if (pw == NULL)
|
||||
return 0;
|
||||
if (is_winnt) {
|
||||
if (has_create_token < 0) {
|
||||
char *cygwin = getenv("CYGWIN");
|
||||
|
||||
has_create_token = 0;
|
||||
if (has_capability(HAS_CREATE_TOKEN) &&
|
||||
(ntsec_on(cygwin) ||
|
||||
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
|
||||
!ntsec_off(cygwin)) ||
|
||||
has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
|
||||
has_create_token = 1;
|
||||
}
|
||||
if (has_create_token < 1 &&
|
||||
!pwd_authenticated && geteuid() != pw->pw_uid)
|
||||
return (0);
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
int
|
||||
check_ntsec(const char *filename)
|
||||
{
|
||||
return (pathconf(filename, _PC_POSIX_PERMISSIONS));
|
||||
}
|
||||
|
||||
void
|
||||
register_9x_service(void)
|
||||
{
|
||||
HINSTANCE kerneldll;
|
||||
DWORD (*RegisterServiceProcess)(DWORD, DWORD);
|
||||
|
||||
/* The service register mechanism in 9x/Me is pretty different from
|
||||
* NT/2K/XP. In NT/2K/XP we're using a special service starter
|
||||
* application to register and control sshd as service. This method
|
||||
* doesn't play nicely with 9x/Me. For that reason we register here
|
||||
* as service when running under 9x/Me. This function is only called
|
||||
* by the child sshd when it's going to daemonize.
|
||||
*/
|
||||
if (is_winnt)
|
||||
return;
|
||||
if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
|
||||
return;
|
||||
if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
|
||||
GetProcAddress(kerneldll, "RegisterServiceProcess")))
|
||||
return;
|
||||
RegisterServiceProcess(0, 1);
|
||||
}
|
||||
|
||||
#define NL(x) x, (sizeof (x) - 1)
|
||||
#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */
|
||||
/* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
|
||||
@ -35,7 +35,6 @@
|
||||
#ifdef HAVE_CYGWIN
|
||||
|
||||
#undef ERROR
|
||||
#define is_winnt (GetVersion() < 0x80000000)
|
||||
|
||||
#include <windows.h>
|
||||
#include <sys/cygwin.h>
|
||||
@ -43,9 +42,7 @@
|
||||
|
||||
int binary_open(const char *, int , ...);
|
||||
int binary_pipe(int fd[2]);
|
||||
int check_nt_auth(int, struct passwd *);
|
||||
int check_ntsec(const char *);
|
||||
void register_9x_service(void);
|
||||
char **fetch_windows_environment(void);
|
||||
void free_windows_environment(char **);
|
||||
|
||||
|
@ -57,18 +57,8 @@ daemon(int nochdir, int noclose)
|
||||
case -1:
|
||||
return (-1);
|
||||
case 0:
|
||||
#ifdef HAVE_CYGWIN
|
||||
register_9x_service();
|
||||
#endif
|
||||
break;
|
||||
default:
|
||||
#ifdef HAVE_CYGWIN
|
||||
/*
|
||||
* This sleep avoids a race condition which kills the
|
||||
* child process if parent is started by a NT/W2K service.
|
||||
*/
|
||||
sleep(1);
|
||||
#endif
|
||||
_exit(0);
|
||||
}
|
||||
|
||||
|
11
session.c
11
session.c
@ -571,8 +571,7 @@ do_exec_no_pty(Session *s, const char *command)
|
||||
signal(WJSIGNAL, cray_job_termination_handler);
|
||||
#endif /* _UNICOS */
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (is_winnt)
|
||||
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
|
||||
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
|
||||
#endif
|
||||
|
||||
s->pid = pid;
|
||||
@ -726,8 +725,7 @@ do_exec_pty(Session *s, const char *command)
|
||||
signal(WJSIGNAL, cray_job_termination_handler);
|
||||
#endif /* _UNICOS */
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (is_winnt)
|
||||
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
|
||||
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
|
||||
#endif
|
||||
|
||||
s->pid = pid;
|
||||
@ -1116,7 +1114,7 @@ do_setup_env(Session *s, const char *shell)
|
||||
u_int i, envsize;
|
||||
char **env, *laddr;
|
||||
struct passwd *pw = s->pw;
|
||||
#ifndef HAVE_LOGIN_CAP
|
||||
#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
|
||||
char *path = NULL;
|
||||
#endif
|
||||
|
||||
@ -1551,9 +1549,6 @@ do_setusercontext(struct passwd *pw)
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (is_winnt)
|
||||
#endif
|
||||
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
|
||||
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user