
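--- a/configure.ac.orig
+++ b/configure.ac.orig
@@ -305,6 +305,15 @@ main() { if (NSVersionOfRunTimeLibrary("
 		;;
 	esac
 	;;
+*-*-interix3*)
+        AC_DEFINE(HAVE_INTERIX)
+        AC_DEFINE(DISABLE_FD_PASSING)
+        AC_DEFINE(DISABLE_SHADOW)
+        AC_DEFINE(IP_TOS_IS_BROKEN)
+        AC_DEFINE(MISSING_HOWMANY)
+        AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
+        AC_DEFINE(USE_PIPES)
+        ;;
 *-*-irix5*)
 	PATH="$PATH:/usr/etc"
 	AC_DEFINE(BROKEN_INET_NTOA)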
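Review bot: The new `*-*-interix3*` arm is indented with eight spaces while the neighbouring `*-*-irix5*` arm uses tabs, and `HAVE_INTERIX` appears to be a new symbol defined with the one-argument `AC_DEFINE`, so it needs a description or a config-header template that this patch does not show. Switching the arm to tabs and writing `AC_DEFINE(HAVE_INTERIX, 1, [Define if building on Interix])` would cover both. The pattern also matches only `interix3`; whether later Interix releases should take the same arm is worth stating in a comment.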
(-)loginrec.c.orig (-1 / +1 lines)
Lines 414-420 Link Here
414
int
414
int
415
login_write(struct logininfo *li)
415
login_write(struct logininfo *li)
416
{
416
{
417
#ifndef HAVE_CYGWIN
417
#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
418
	if (geteuid() != 0) {
418
	if (geteuid() != 0) {
419
		logit("Attempt to write login records by non-root user (aborting)");
419
		logit("Attempt to write login records by non-root user (aborting)");
420
		return (1);
420
		return (1);
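Review bot: The non-root guard at the top of `login_write` is compiled out on Interix instead of being compared against `ROOTUID`, which the same patch introduces in sshd.c and uidswap.c for this kind of test. The same pattern appears in auth1.c (the `getuid() != 0` check before `packet_disconnect`) and in session.c `do_setusercontext`, so on Interix these privilege checks are skipped rather than adapted. If `ROOTUID` holds the platform's administrative uid, keeping the guard as `if (geteuid() != ROOTUID) {` under the original `#ifndef HAVE_CYGWIN` would preserve it. `login_write` continues past the end of the hunk.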
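--- a/includes.h.orig
+++ b/includes.h.orig
@@ -164,6 +164,10 @@
 #ifdef HAVE_READPASSPHRASE_H
 # include <readpassphrase.h>
 #endif
+#ifdef HAVE_INTERIX
+# include <interix/env.h>
+# include <interix/security.h>
+#endif
 
 #ifdef HAVE_IA_H
 # include <ia.h>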
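--- a/auth-passwd.c.orig
+++ b/auth-passwd.c.orig
@@ -113,7 +113,12 @@
 			authctxt->force_pwchange = 1;
 	}
 #endif
+
+#ifdef HAVE_INTERIX
+        result = (!setuser(pw->pw_name, password, SU_CHECK);
+#else
 	result = sys_auth_passwd(authctxt, password);
+#endif
 	if (authctxt->force_pwchange)
 		disable_forwarding();
 	return (result && ok);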
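Review bot: The Interix line `result = (!setuser(pw->pw_name, password, SU_CHECK);` has an unmatched opening parenthesis and will not compile; it should read `result = !setuser(pw->pw_name, password, SU_CHECK);`. The branch also relies on a local `pw` that is not declared inside the hunk, so confirm it is in scope or use `authctxt->pw->pw_name`. Because this path replaces `sys_auth_passwd` as the password verifier, a comment stating what `setuser` returns for a rejected password would let a reviewer confirm the negation is right. The enclosing function starts above the hunk.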
(-)auth1.c.orig (-1 / +1 lines)
Lines 405-411 Link Here
405
	 * If we are not running as root, the user must have the same uid as
405
	 * If we are not running as root, the user must have the same uid as
406
	 * the server.
406
	 * the server.
407
	 */
407
	 */
408
#ifndef HAVE_CYGWIN
408
#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
409
	if (!use_privsep && getuid() != 0 && authctxt->pw &&
409
	if (!use_privsep && getuid() != 0 && authctxt->pw &&
410
	    authctxt->pw->pw_uid != getuid())
410
	    authctxt->pw->pw_uid != getuid())
411
		packet_disconnect("Cannot change user when server not running as root.");
411
		packet_disconnect("Cannot change user when server not running as root.");
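--- a/scp.c.orig
+++ b/scp.c.orig
@@ -298,7 +298,11 @@
 	argc -= optind;
 	argv += optind;
 
+#ifdef HAVE_INTERIX
+	if ((pwd = getpwuid_ex(userid = getuid(), PW_FULLNAME)) == NULL)
+#else
 	if ((pwd = getpwuid(userid = getuid())) == NULL)
+#endif
 		fatal("unknown user %u", (u_int) userid);
 
 	if (!isatty(STDERR_FILENO))
@@ -643,8 +647,10 @@
 		return;
 	}
 	while ((dp = readdir(dirp)) != NULL) {
+#ifndef HAVE_INTERIX
 		if (dp->d_ino == 0)
 			continue;
+#endif
 		if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
 			continue;
 		if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
@@ -1093,7 +1099,9 @@
 			case '\'':
 			case '"':
 			case '`':
+#ifndef HAVE_INTERIX
 			case ' ':
+#endif
 			case '#':
 				goto bad;
 			default: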
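Review bot: In the third hunk the `case ' ':` rejection is compiled out on Interix, so this character filter now accepts names containing spaces, and nothing in the hunk says why that is safe. If the accepted name is later placed into a command line or argument string (not visible here), an embedded space changes how it is split, so the caller must pass it as a single argument or quote it. At minimum add a comment above the `#ifndef` such as `/* Interix account names may contain spaces; callers must pass the name as one argument */`. The enclosing function starts and ends outside the hunk.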
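--- a/session.c.orig
+++ b/session.c.orig
@@ -1150,6 +1150,18 @@
 		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
 		read_environment_file(&env, &envsize, buf);
 	}
+
+#ifdef HAVE_INTERIX
+	{
+		/* copy standard Windows environment, then apply changes */
+		env_t *winenv = env_login(pw);
+		env_putarray(winenv, env, ENV_OVERRIDE);
+
+		/* swap over to altered environment as a traditional array */
+		env = env_array(winenv);
+	}
+#endif
+
 	if (debug_flag) {
 		/* dump the environment */
 		fprintf(stderr, "Environment:\n");
@@ -1260,9 +1272,9 @@
 void
 do_setusercontext(struct passwd *pw)
 {
-#ifndef HAVE_CYGWIN
+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
 	if (getuid() == 0 || geteuid() == 0)
-#endif /* HAVE_CYGWIN */
+#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */
 	{
 
 #ifdef HAVE_SETPCRED
@@ -1304,11 +1316,13 @@
 			perror("setgid");
 			exit(1);
 		}
+# if !defined(HAVE_INTERIX)
 		/* Initialize the group list. */
 		if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
 			perror("initgroups");
 			exit(1);
 		}
+# endif /* !HAVE_INTERIX */
 		endgrent();
 #ifdef GSSAPI
 		if (options.gss_authentication) {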
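Review bot: In the first hunk the pointer returned by `env_login(pw)` is passed straight to `env_putarray` and `env_array` with no failure check, and `env` is replaced without updating `envsize`, which `read_environment_file` a few lines earlier takes by pointer. If `env_login` can return NULL, or if later code grows `env` using `envsize` (neither is visible here), the session would start with a broken or inconsistent environment. A guard such as `if (winenv == NULL) fatal("env_login failed");` and a recomputed `envsize` after the swap would close both. The enclosing function extends beyond the hunk.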
(-)ssh.c.orig (-1 / +1 lines)
Lines 636-642 Link Here
636
	/* Open a connection to the remote host. */
636
	/* Open a connection to the remote host. */
637
	if (ssh_connect(host, &hostaddr, options.port,
637
	if (ssh_connect(host, &hostaddr, options.port,
638
	    options.address_family, options.connection_attempts,
638
	    options.address_family, options.connection_attempts,
639
#ifdef HAVE_CYGWIN
639
#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX)
640
	    options.use_privileged_port,
640
	    options.use_privileged_port,
641
#else
641
#else
642
	    original_effective_uid == 0 && options.use_privileged_port,
642
	    original_effective_uid == 0 && options.use_privileged_port,
(-)uidswap.c.orig (-2 / +13 lines)
Lines 57-69 temporarily_use_uid(struct passwd *pw) Link Here
57
	    (u_int)pw->pw_uid, (u_int)pw->pw_gid,
57
	    (u_int)pw->pw_uid, (u_int)pw->pw_gid,
58
	    (u_int)saved_euid, (u_int)saved_egid);
58
	    (u_int)saved_euid, (u_int)saved_egid);
59
#ifndef HAVE_CYGWIN
59
#ifndef HAVE_CYGWIN
60
	if (saved_euid != 0) {
60
	if (saved_euid != ROOTUID) {
61
		privileged = 0;
61
		privileged = 0;
62
		return;
62
		return;
63
	}
63
	}
64
#endif
64
#endif
65
#else
65
#else
66
	if (geteuid() != 0) {
66
	if (geteuid() != ROOTUID) {
67
		privileged = 0;
67
		privileged = 0;
68
		return;
68
		return;
69
	}
69
	}
Lines 87-95 temporarily_use_uid(struct passwd *pw) Link Here
87
87
88
	/* set and save the user's groups */
88
	/* set and save the user's groups */
89
	if (user_groupslen == -1) {
89
	if (user_groupslen == -1) {
90
#ifndef HAVE_INTERIX
90
		if (initgroups(pw->pw_name, pw->pw_gid) < 0)
91
		if (initgroups(pw->pw_name, pw->pw_gid) < 0)
91
			fatal("initgroups: %s: %.100s", pw->pw_name,
92
			fatal("initgroups: %s: %.100s", pw->pw_name,
92
			    strerror(errno));
93
			    strerror(errno));
94
#endif
93
95
94
		user_groupslen = getgroups(0, NULL);
96
		user_groupslen = getgroups(0, NULL);
95
		if (user_groupslen < 0)
97
		if (user_groupslen < 0)
Lines 104-112 temporarily_use_uid(struct passwd *pw) Link Here
104
				xfree(user_groups);
106
				xfree(user_groups);
105
		}
107
		}
106
	}
108
	}
109
#ifndef HAVE_INTERIX
107
	/* Set the effective uid to the given (unprivileged) uid. */
110
	/* Set the effective uid to the given (unprivileged) uid. */
108
	if (setgroups(user_groupslen, user_groups) < 0)
111
	if (setgroups(user_groupslen, user_groups) < 0)
109
		fatal("setgroups: %.100s", strerror(errno));
112
		fatal("setgroups: %.100s", strerror(errno));
113
#endif
110
#ifndef SAVED_IDS_WORK_WITH_SETEUID
114
#ifndef SAVED_IDS_WORK_WITH_SETEUID
111
	/* Propagate the privileged gid to all of our gids. */
115
	/* Propagate the privileged gid to all of our gids. */
112
	if (setgid(getegid()) < 0)
116
	if (setgid(getegid()) < 0)
Lines 154-161 restore_uid(void) Link Here
154
	setgid(getgid());
158
	setgid(getgid());
155
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
159
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
156
160
161
#ifndef HAVE_INTERIX
157
	if (setgroups(saved_egroupslen, saved_egroups) < 0)
162
	if (setgroups(saved_egroupslen, saved_egroups) < 0)
158
		fatal("setgroups: %.100s", strerror(errno));
163
		fatal("setgroups: %.100s", strerror(errno));
164
#endif
159
	temporarily_use_uid_effective = 0;
165
	temporarily_use_uid_effective = 0;
160
}
166
}
161
167
Lines 174-179 permanently_set_uid(struct passwd *pw) Link Here
174
	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
180
	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
175
	    (u_int)pw->pw_gid);
181
	    (u_int)pw->pw_gid);
176
182
183
#if defined(HAVE_INTERIX)
184
	if (setuser(pw->pw_name, NULL, SU_COMPLETE))
185
		fatal("setuser %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
186
#else
177
#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
187
#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
178
	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
188
	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
179
		fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
189
		fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
Lines 222-227 permanently_set_uid(struct passwd *pw) Link Here
222
	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
232
	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
223
		fatal("%s: was able to restore old [e]uid", __func__);
233
		fatal("%s: was able to restore old [e]uid", __func__);
224
#endif
234
#endif
235
#endif /* HAVE_INTERIX */
225
236
226
	/* Verify UID drop was successful */
237
	/* Verify UID drop was successful */
227
	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
238
	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
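Review bot: In `temporarily_use_uid` both `initgroups` and `setgroups` are compiled out on Interix, so while the effective uid is switched the process appears to keep the server's own supplementary groups, and `user_groups` is filled from `getgroups` with that same list. Unless Interix ties group membership to the identity in a way not visible here, file access performed as the user would still carry the daemon's groups; a comment at each `#ifndef HAVE_INTERIX` should state how groups are dropped on this platform. In `permanently_set_uid` the new `fatal("setuser %u: %.100s", (u_int)pw->pw_gid, ...)` prints the gid for a call that takes the user name; `fatal("setuser %.100s: %.100s", pw->pw_name, strerror(errno));` would match the call. `ROOTUID` is used here and in sshd.c, including on non-Interix builds, but no definition appears in the sections shown.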
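--- a/servconf.c.orig
+++ b/servconf.c.orig
@@ -232,7 +232,11 @@
 
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
+#ifdef HAVE_INTERIX
+		use_privsep = 0;
+#else
 		use_privsep = 1;
+#endif
 
 #ifndef HAVE_MMAP
 	if (use_privsep && options->compression == 1) {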
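Review bot: Privilege separation now defaults to off on Interix with no comment explaining why, and the existing comment directly above still says it is turned on by default. With `use_privsep = 0` the pre-authentication network code runs in the privileged server process, so this is a security-relevant default that should be justified where it is set. I would add a comment at the `#ifdef`, for example `/* Interix: privsep off by default because <reason> */`, and note the platform default in the sshd_config documentation. The enclosing function starts and ends outside the hunk.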
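--- a/openbsd-compat/bsd-openpty.c.orig
+++ b/openbsd-compat/bsd-openpty.c.orig
@@ -102,15 +102,17 @@
 		return (-1);
 	}
 
+#if !defined(HAVE_INTERIX)
 	/*
 	 * Try to push the appropriate streams modules, as described 
 	 * in Solaris pts(7).
 	 */
 	ioctl(*aslave, I_PUSH, "ptem");
 	ioctl(*aslave, I_PUSH, "ldterm");
-# ifndef __hpux
+  # ifndef __hpux
 	ioctl(*aslave, I_PUSH, "ttcompat");
-# endif /* __hpux */
+  # endif /* __hpux */
+#endif /* !HAVE_INTERIX */
 
 	return (0);
 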
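Review bot: The re-indented directives `  # ifndef __hpux` and `  # endif /* __hpux */` put whitespace before the `#`, unlike the `# include` and `# if !defined(HAVE_INTERIX)` forms used elsewhere in this patch, where the `#` stays in column 0 and the indent follows it. Leaving them as `# ifndef __hpux` and `# endif /* __hpux */` removes two changed lines from the patch and keeps the nesting style consistent. The enclosing function starts above the hunk.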
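--- a/sshd.c.orig
+++ b/sshd.c.orig
@@ -574,10 +574,15 @@
 	/* XXX not ready, too heavy after chroot */
 	do_setusercontext(pw);
 #else
+#ifdef HAVE_INTERIX
+	if (setuser(pw->pw_name, NULL, SU_COMPLETE))
+		fatal("setuser: %.100s", strerror(errno));
+#else
 	gidset[0] = pw->pw_gid;
 	if (setgroups(1, gidset) < 0)
 		fatal("setgroups: %.100s", strerror(errno));
 	permanently_set_uid(pw);
+#endif /* HAVE_INTERIX */
 #endif
 }
 
@@ -617,7 +622,7 @@
 		close(pmonitor->m_sendfd);
 
 		/* Demote the child */
-		if (getuid() == 0 || geteuid() == 0)
+		if (getuid() == ROOTUID || geteuid() == ROOTUID)
 			privsep_preauth_child();
 		setproctitle("%s", "[net]");
 	}
@@ -630,7 +635,7 @@
 #ifdef DISABLE_FD_PASSING
 	if (1) {
 #else
-	if (authctxt->pw->pw_uid == 0 || options.use_login) {
+	if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
 #endif
 		/* File descriptor passing is broken or root login */
 		monitor_apply_keystate(pmonitor);
@@ -911,7 +916,7 @@
 	av = saved_argv;
 #endif
 
-	if (geteuid() == 0 && setgroups(0, NULL) == -1)
+	if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
 		debug("setgroups(): %.200s", strerror(errno));
 
 	/* Initialize configuration options to their default values. */
@@ -1168,7 +1173,7 @@
 		    (st.st_uid != getuid () ||
 		    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
 #else
-		if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+		if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
 #endif
 			fatal("%s must be owned by root and not group or "
 			    "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);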
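Review bot: In the first hunk the Interix branch calls `setuser(pw->pw_name, NULL, SU_COMPLETE)` directly and never reaches `permanently_set_uid(pw)`, so the "Verify UID drop was successful" check that uidswap.c keeps after its own Interix `setuser` branch is not run on this path. Since this patch already teaches `permanently_set_uid` to call `setuser` on Interix, the simpler and safer shape is to guard only the `gidset`/`setgroups` lines with `#ifndef HAVE_INTERIX` and leave `permanently_set_uid(pw);` common to both platforms. That removes the duplicated call and keeps one place where the privilege drop is verified. The enclosing function starts above the hunk.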
