This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: Updated partial auth patch against CVS


Hi Carson...

Here is what I have so far. This is a patch based on 2.5.2p2 with your 
patch. So this is a patch on top of your patch. This patch allows

AuthOrder2 publickey:uidmatch,publickey:password

for the Cygwin environment. It also highlights a couple of minor things I 
found in your patch. When you have a 2.9p1 patch I will update this.

Thanks,

...Karl

diff -u -r ./auth2.c /openssh-2.5.2p2/auth2.c
--- ./auth2.c	Sat May  5 13:52:11 2001
+++ /openssh-2.5.2p2/auth2.c	Sat May  5 13:59:52 2001
@@ -186,6 +186,8 @@
	Authorder *ao = NULL;
	char *user, *service, *method, *style = NULL;
	int authenticated = 0;
+	int r;
+	int tempuid;

	if (authctxt == NULL)
		fatal("input_userauth_request: no authctxt");
@@ -259,12 +261,37 @@
		authenticated = 0;
#endif /* USE_PAM */

+	authctxt->partial = 0;
+/* Karl-->Carson: We could change this to a while if we want to let 
matchuid
+		  have subauth methods. */
	if (authenticated && (ao->sub != NULL)) {
		authctxt->partial = 1;
		authenticated = 0;
		lastauth = ao;
+#ifdef HAVE_CYGWIN
+		ao = ao->sub;
+		while (((r = strcmp("matchuid",ao->name)) != 0) && (ao->next != NULL))
+			ao = ao->next;
+		if ((r == 0) && (getuid() == authctxt->pw->pw_uid)) {
+			authctxt->partial = 0;
+			authenticated = 1;
+		}
+#endif
	}

+#ifdef HAVE_CYGWIN
+/* Karl-->Corinna: I have removed the check_nt_calls from everything but
+		   userauth_passwd. I want to make sure that we have a
+		   password if we need it. Is there a better way to do this? */
+	if (authenticated) {
+		tempuid = getuid();
+		setuid(authctxt->pw->pw_uid);
+		if (getuid() != authctxt->pw->pw_uid)
+			authenticated = 0;
+		setuid(tempuid);
+	}
+#endif
+
	/* Log before sending the reply */
	auth_log(authctxt, authenticated, method, " ssh2");

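Review bot: Both setuid() calls in the added HAVE_CYGWIN probe ignore their return value, so a failed restore `setuid(tempuid);` would leave the daemon running under the authenticating user's uid with nothing logged. Check the first call together with the getuid() comparison and treat a failed restore as fatal, e.g. `if (setuid(tempuid) < 0) fatal("input_userauth_request: cannot restore uid");`, and declare `tempuid` as `uid_t` rather than `int`. The matchuid lookup just above uses a case-sensitive `strcmp`, while the AuthOrder parsing in this patch moves to `strncasecmp`, so a mixed-case `MatchUid` entry would presumably be accepted by the parser and then never matched here; the two should agree. input_userauth_request starts and ends outside this hunk.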
@@ -381,10 +408,6 @@
	if (authctxt->valid == 0)
		return(0);

-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
-		return(0);
-#endif
#ifdef USE_PAM
	return auth_pam_password(authctxt->pw, "");
#elif defined(HAVE_OSF_SIA)
@@ -445,10 +468,6 @@
#endif
	xfree(lang);
	xfree(devs);
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
-		return(0);
-#endif
	return authenticated;
}

@@ -551,10 +570,6 @@
	debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
	xfree(pkalg);
	xfree(pkblob);
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
-		return(0);
-#endif
	return authenticated;
}

@@ -638,7 +653,8 @@
					r = 1;
				} else {
					as = ao->sub;
-					while ((r = strncmp(as->name, cp, i)) != 0) {
+/* Karl-->Carson: Needs to be case insensitive for the way servconf.c is 
now. */
+					while ((r = strncasecmp(as->name, cp, i)) != 0) {
						if (as->next != NULL) {
							as = as->next;
						} else {
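Review bot: `strncasecmp(as->name, cp, i)` bounds the comparison by `i` alone, so if `i` is the length of the token at `cp` (its computation is outside the hunk) any prefix of a method name matches; a token `p` would select whichever of `password` or `publickey` comes first in the list. Require the lengths to agree as well, e.g. `strlen(as->name) == (size_t)i && strncasecmp(as->name, cp, i) == 0`, while keeping `r` set the way the code after the loop expects. The same applies to the `ao->name` comparison in the `case ','` hunk that follows. The loop ends outside this hunk.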
@@ -664,7 +680,8 @@
				break;
			case ',':
				ao = authorder;
-				while(((r = strncmp(ao->name, cp, i)) != 0) && (ao->next != NULL)) {
+/* Karl-->Carson: Needs to be case insensitive for the way servconf.c is 
now. */
+				while(((r = strncasecmp(ao->name, cp, i)) != 0) && (ao->next != NULL)) 
{
					ao = ao->next;
				}
				if (r != 0) {
@@ -704,18 +721,39 @@
	}

	as = ao;
+#ifdef HAVE_CYGWIN
+	if (strcmp("matchuid",as->name) != 0)
+#endif
	size = strlen(as->name) + 1;
	while (as->next != NULL) {
		as = as->next;
+#ifdef HAVE_CYGWIN
+		if (strcmp("matchuid",as->name) != 0)
+#endif
		size += strlen(as->name) + 1;
	}
+#ifdef HAVE_CYGWIN
+	if (size == 0)
+		fatal("authmethods_get_new: no authmethods");
+#endif
+/* Karl-->Carson: No need for "size++;" here, is there? */
	size++;			/* trailing '\0' */
	list = xmalloc(size);
+#ifdef HAVE_CYGWIN
+	if (strcmp("matchuid",ao->name) == 0)
+		ao = ao->next;
+#endif
	strlcpy(list, ao->name, size);
	while(ao->next != NULL) {
		ao = ao->next;
+#ifdef HAVE_CYGWIN
+		if (strcmp("matchuid",ao->name) != 0) {
+#endif
		strlcat(list, DELIM, size);
		strlcat(list, ao->name, size);
+#ifdef HAVE_CYGWIN
+		}
+#endif
	}
	return list;
}
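Review bot: With HAVE_CYGWIN defined, `size = strlen(as->name) + 1;` becomes conditional, so when the first entry is `matchuid` the later `size +=` and the `size == 0` test read whatever `size` held before. Its declaration is outside the hunk, so unless it is initialised there this is an uninitialised read; adding `size = 0;` ahead of the first `#ifdef HAVE_CYGWIN` fixes it without changing other builds. The skip `ao = ao->next;` before `strlcpy` relies on that same `size == 0` check to guarantee a non-matchuid entry exists, which deserves a comment such as `/* size != 0 guarantees a non-matchuid entry follows */`. The function starts outside this hunk.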
diff -u -r ./defines.h /openssh-2.5.2p2/defines.h
--- ./defines.h	Mon Mar 19 17:49:22 2001
+++ /openssh-2.5.2p2/defines.h	Fri May  4 20:49:04 2001
@@ -436,7 +436,7 @@
  * configure.in sets this for a few OS's which are known to have problems
  * but you may need to set it yourself
  */
-/* #define USE_PIPES 1 */
+#define USE_PIPES 1

/**
  ** login recorder definitions
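Review bot: `#define USE_PIPES 1` is now unconditional in a header shared by every platform, although the mail describes the change as being for Cygwin. The comment above it says configure.in sets this for the affected systems; either set it there or guard it, `#ifdef HAVE_CYGWIN` / `#define USE_PIPES 1` / `#endif`, so other builds keep their current setting.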
diff -u -r ./openbsd-compat/strmode.c 
/openssh-2.5.2p2/openbsd-compat/strmode.c
--- ./openbsd-compat/strmode.c	Wed Jan 31 12:52:04 2001
+++ /openssh-2.5.2p2/openbsd-compat/strmode.c	Fri May  4 20:34:46 2001
@@ -42,6 +42,15 @@
#include <sys/stat.h>
#include <string.h>

+#ifdef HAVE_CYGWIN
+#undef S_IXUSR
+#undef S_IXGRP
+#undef S_IXOTH
+#define S_IXUSR 0100
+#define S_IXGRP 0010
+#define S_IXOTH 0001
+#endif
+
void
strmode(mode, p)
	register mode_t mode;
diff -u -r ./servconf.c /openssh-2.5.2p2/servconf.c
--- ./servconf.c	Sat May  5 13:52:11 2001
+++ /openssh-2.5.2p2/servconf.c	Sat May  5 13:36:09 2001
@@ -759,11 +759,25 @@

		case sAuthOrder:
			arg = strdelim(&cp);
+/* Karl-->Carson: Should whitespace be removed before processing? */
+/* Karl-->Carson: Perhaps we should just remove whitespace and convert
+		  everything to lowercase to simplify the remaining code
+		  here and in auth2.c? */
+/* Karl-->Carson: These comparisons need to be case insensitive somehow. */
			if ((strstr(arg,":none") != NULL) || (strstr(arg,"none:") != NULL)){
				fprintf(stderr, "%s line %d: none may not be or have a subauth 
method\n",
					filename, linenum);
				exit(1);
			}
+#ifdef HAVE_CYGWIN
+/* Karl-->Carson: These comparisons need to be case insensitive somehow. */
+			if ((strncasecmp(arg,"matchuid",8) == 0) || (strstr(arg,",matchuid") != 
NULL) ||
+			    (strstr(arg,"matchuid:") != NULL)){
+				fprintf(stderr, "%s line %d: matchuid must be and not have a subauth 
method\n",
+					filename, linenum);
+				exit(1);
+			}
+#endif
			{
				int i, match;
				char *mycp;
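Review bot: The new matchuid check mixes `strncasecmp` with case-sensitive `strstr`, so `publickey,MatchUid` or `MatchUid:password` passes it while the method loop below accepts the name case-insensitively. As the patch's own comment suggests, lower-case `arg` once before any of the checks, e.g. `for (p = arg; *p != '\0'; p++) *p = tolower((unsigned char)*p);`, which also covers the existing `none` test. The error text `matchuid must be and not have a subauth method` appears to have lost a word; something like `matchuid must be a subauth method and may not have one` states the rule. `arg` also goes from `strdelim` straight into `strstr` with no NULL check visible in the hunk. The case body continues outside this hunk.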
@@ -778,6 +792,10 @@
						match = 1;
					} else if (strncasecmp(mycp,"keyboard-interactive",i) == 0) {
						match = 1;
+#ifdef HAVE_CYGWIN
+					} else if (strncasecmp(mycp,"matchuid",i) == 0) {
+						match = 1;
+#endif
					}
					if (match == 0) {
						mycp[i]='\0';

