Attachment #1022 for bug #1114

Lines 30-35 Link Here

(-)defines.h.orig (+9 lines)
30		30
31	/* Constants */	31	/* Constants */
32		32
		33	#ifdef HAVE_INTERIX
		34	/* Interix has a special concept of "administrator". */
		35	# define ROOTUID 197108
		36	# define ROOTGID 131616
		37	#else
		38	# define ROOTUID 0
		39	# define ROOTGID 0
		40	#endif
		41
33	#ifndef SHUT_RDWR	42	#ifndef SHUT_RDWR
34	enum	43	enum
35	{	44	{

Lines 78-84 Link Here

(-)auth-passwd.c.orig (-1 / +1 lines)
78	#endif	78	#endif
79		79
80	#ifndef HAVE_CYGWIN	80	#ifndef HAVE_CYGWIN
81	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)	81	if (pw->pw_uid == ROOTUID && options.permit_root_login != PERMIT_YES)
82	ok = 0;	82	ok = 0;
83	#endif	83	#endif
84	if (*password == '\0' && options.permit_empty_passwd == 0)	84	if (*password == '\0' && options.permit_empty_passwd == 0)




		return 0;

	/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
	if (pw->pw_uid != ROOTUID) {
		if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
		    client_user, pw->pw_name)) {
			auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",

		return 0;
	}
	if (options.strict_modes &&
	    ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
	    (st.st_mode & 022) != 0)) {
		logit("Rhosts authentication refused for %.100s: "
		    "bad ownership or modes for home directory.", pw->pw_name);

		 * allowing access to their account by anyone.
		 */
		if (options.strict_modes &&
		    ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
		    (st.st_mode & 022) != 0)) {
			logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
			    pw->pw_name, buf);




		user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
		if (options.strict_modes &&
		    (stat(user_hostfile, &st) == 0) &&
		    ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
		    (st.st_mode & 022) != 0)) {
			logit("Authentication refused for %.100s: "
			    "bad owner or modes for %.200s",


	/* check the open file to avoid races */
	if (fstat(fileno(f), &st) < 0 ||
	    (st.st_uid != ROOTUID && st.st_uid != uid) ||
	    (st.st_mode & 022) != 0) {
		snprintf(err, errlen, "bad ownership or modes for file %s",
		    buf);


		debug3("secure_filename: checking '%s'", buf);
		if (stat(buf, &st) < 0 ||
		    (st.st_uid != ROOTUID && st.st_uid != uid) ||
		    (st.st_mode & 022) != 0) {
			snprintf(err, errlen,
			    "bad ownership or modes for directory %s", buf);

Lines 307-313 Link Here

(-)auth1.c.orig (-1 / +1 lines)
307	}	307	}
308	#else	308	#else
309	/* Special handling for root */	309	/* Special handling for root */
310	if (authenticated && authctxt->pw->pw_uid == 0 &&	310	if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
311	!auth_root_allowed(meth->name)) {	311	!auth_root_allowed(meth->name)) {
312	authenticated = 0;	312	authenticated = 0;
313	# ifdef SSH_AUDIT_EVENTS	313	# ifdef SSH_AUDIT_EVENTS

Lines 216-222 Link Here

(-)auth2.c.orig (-1 / +1 lines)
216	authctxt->user);	216	authctxt->user);
217		217
218	/* Special handling for root */	218	/* Special handling for root */
219	if (authenticated && authctxt->pw->pw_uid == 0 &&	219	if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
220	!auth_root_allowed(method)) {	220	!auth_root_allowed(method)) {
221	authenticated = 0;	221	authenticated = 0;
222	#ifdef SSH_AUDIT_EVENTS	222	#ifdef SSH_AUDIT_EVENTS




				break;
			}
			debug("Received TCP/IP port forwarding request.");
			channel_input_port_forward_request(s->pw->pw_uid == ROOTUID, options.gateway_ports);
			success = 1;
			break;


	if (tmpenv == NULL)
		return;

	if (uid == ROOTUID)
		var = child_get_env(tmpenv, "SUPATH");
	else
		var = child_get_env(tmpenv, "PATH");

#  endif /* HAVE_ETC_DEFAULT_LOGIN */
		if (path == NULL || *path == '\0') {
			child_set_env(&env, &envsize, "PATH",
			    s->pw->pw_uid == ROOTUID ?
				SUPERUSER_PATH : _PATH_STDPATH);
		}
# endif /* HAVE_CYGWIN */

		record_logout(s->pid, s->tty, s->pw->pw_name);

	/* Release the pseudo-tty. */
	if (getuid() == ROOTUID)
		pty_release(s->tty);

	/*

Lines 62-68 pty_allocate(int ptyfd, int ttyfd, cha Link Here

(-)sshpty.c.orig (-2 / +2 lines)
62	void	62	void
63	pty_release(const char *tty)	63	pty_release(const char *tty)
64	{	64	{
65	if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)	65	if (chown(tty, (uid_t) ROOTUID, (gid_t) ROOTGID) < 0)
66	error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));	66	error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
67	if (chmod(tty, (mode_t) 0666) < 0)	67	if (chmod(tty, (mode_t) 0666) < 0)
68	error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));	68	error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
Lines 203-209 pty_setowner(struct passwd *pw, const ch Link Here
203	if (st.st_uid != pw->pw_uid \|\| st.st_gid != gid) {	203	if (st.st_uid != pw->pw_uid \|\| st.st_gid != gid) {
204	if (chown(tty, pw->pw_uid, gid) < 0) {	204	if (chown(tty, pw->pw_uid, gid) < 0) {
205	if (errno == EROFS &&	205	if (errno == EROFS &&
206	(st.st_uid == pw->pw_uid \|\| st.st_uid == 0))	206	(st.st_uid == pw->pw_uid \|\| st.st_uid == ROOTUID))
207	debug("chown(%.100s, %u, %u) failed: %.100s",	207	debug("chown(%.100s, %u, %u) failed: %.100s",
208	tty, (u_int)pw->pw_uid, (u_int)gid,	208	tty, (u_int)pw->pw_uid, (u_int)gid,
209	strerror(errno));	209	strerror(errno));




	    (u_int)pw->pw_uid, (u_int)pw->pw_gid,
	    (u_int)saved_euid, (u_int)saved_egid);
#ifndef HAVE_CYGWIN
	if (saved_euid != ROOTUID) {
		privileged = 0;
		return;
	}
#endif
#else
	if (geteuid() != ROOTUID) {
		privileged = 0;
		return;
	}




		close(pmonitor->m_sendfd);

		/* Demote the child */
		if (getuid() == ROOTUID || geteuid() == ROOTUID)
			privsep_preauth_child();
		setproctitle("%s", "[net]");
	}

#ifdef DISABLE_FD_PASSING
	if (1) {
#else
	if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
#endif
		/* File descriptor passing is broken or root login */
		monitor_apply_keystate(pmonitor);

	av = saved_argv;
#endif

	if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
		debug("setgroups(): %.200s", strerror(errno));

	/* Initialize configuration options to their default values. */

		    (st.st_uid != getuid () ||
		    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
		if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
#endif
			fatal("%s must be owned by root and not group or "
			    "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);

Return to bug 1114

Lines 198-204 auth_rhosts2_raw(struct passwd *pw, cons Link Here

(-)auth-rhosts.c.orig (-3 / +3 lines)
198	return 0;	198	return 0;
199		199
200	/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */	200	/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
201	if (pw->pw_uid != 0) {	201	if (pw->pw_uid != ROOTUID) {
202	if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,	202	if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
203	client_user, pw->pw_name)) {	203	client_user, pw->pw_name)) {
204	auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",	204	auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
Lines 224-230 auth_rhosts2_raw(struct passwd *pw, cons Link Here
224	return 0;	224	return 0;
225	}	225	}
226	if (options.strict_modes &&	226	if (options.strict_modes &&
227	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|	227	((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) \|\|
228	(st.st_mode & 022) != 0)) {	228	(st.st_mode & 022) != 0)) {
229	logit("Rhosts authentication refused for %.100s: "	229	logit("Rhosts authentication refused for %.100s: "
230	"bad ownership or modes for home directory.", pw->pw_name);	230	"bad ownership or modes for home directory.", pw->pw_name);
Lines 251-257 auth_rhosts2_raw(struct passwd *pw, cons Link Here
251	* allowing access to their account by anyone.	251	* allowing access to their account by anyone.
252	*/	252	*/
253	if (options.strict_modes &&	253	if (options.strict_modes &&
254	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|	254	((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) \|\|
255	(st.st_mode & 022) != 0)) {	255	(st.st_mode & 022) != 0)) {
256	logit("Rhosts authentication refused for %.100s: bad modes for %.200s",	256	logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
257	pw->pw_name, buf);	257	pw->pw_name, buf);

Lines 388-394 Link Here

(-)auth.c.orig (-3 / +3 lines)
388	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);	388	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
389	if (options.strict_modes &&	389	if (options.strict_modes &&
390	(stat(user_hostfile, &st) == 0) &&	390	(stat(user_hostfile, &st) == 0) &&
391	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|	391	((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) \|\|
392	(st.st_mode & 022) != 0)) {	392	(st.st_mode & 022) != 0)) {
393	logit("Authentication refused for %.100s: "	393	logit("Authentication refused for %.100s: "
394	"bad owner or modes for %.200s",	394	"bad owner or modes for %.200s",
Lines 441-447 Link Here
441		441
442	/* check the open file to avoid races */	442	/* check the open file to avoid races */
443	if (fstat(fileno(f), &st) < 0 \|\|	443	if (fstat(fileno(f), &st) < 0 \|\|
444	(st.st_uid != 0 && st.st_uid != uid) \|\|	444	(st.st_uid != ROOTUID && st.st_uid != uid) \|\|
445	(st.st_mode & 022) != 0) {	445	(st.st_mode & 022) != 0) {
446	snprintf(err, errlen, "bad ownership or modes for file %s",	446	snprintf(err, errlen, "bad ownership or modes for file %s",
447	buf);	447	buf);
Lines 458-464 Link Here
458		458
459	debug3("secure_filename: checking '%s'", buf);	459	debug3("secure_filename: checking '%s'", buf);
460	if (stat(buf, &st) < 0 \|\|	460	if (stat(buf, &st) < 0 \|\|
461	(st.st_uid != 0 && st.st_uid != uid) \|\|	461	(st.st_uid != ROOTUID && st.st_uid != uid) \|\|
462	(st.st_mode & 022) != 0) {	462	(st.st_mode & 022) != 0) {
463	snprintf(err, errlen,	463	snprintf(err, errlen,
464	"bad ownership or modes for directory %s", buf);	464	"bad ownership or modes for directory %s", buf);

Lines 331-337 Link Here

(-)session.c.orig (-4 / +4 lines)
331	break;	331	break;
332	}	332	}
333	debug("Received TCP/IP port forwarding request.");	333	debug("Received TCP/IP port forwarding request.");
334	channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports);	334	channel_input_port_forward_request(s->pw->pw_uid == ROOTUID, options.gateway_ports);
335	success = 1;	335	success = 1;
336	break;	336	break;
337		337
Lines 930-936 Link Here
930	if (tmpenv == NULL)	930	if (tmpenv == NULL)
931	return;	931	return;
932		932
933	if (uid == 0)	933	if (uid == ROOTUID)
934	var = child_get_env(tmpenv, "SUPATH");	934	var = child_get_env(tmpenv, "SUPATH");
935	else	935	else
936	var = child_get_env(tmpenv, "PATH");	936	var = child_get_env(tmpenv, "PATH");
Lines 1036-1042 Link Here
1036	# endif /* HAVE_ETC_DEFAULT_LOGIN */	1036	# endif /* HAVE_ETC_DEFAULT_LOGIN */
1037	if (path == NULL \|\| *path == '\0') {	1037	if (path == NULL \|\| *path == '\0') {
1038	child_set_env(&env, &envsize, "PATH",	1038	child_set_env(&env, &envsize, "PATH",
1039	s->pw->pw_uid == 0 ?	1039	s->pw->pw_uid == ROOTUID ?
1040	SUPERUSER_PATH : _PATH_STDPATH);	1040	SUPERUSER_PATH : _PATH_STDPATH);
1041	}	1041	}
1042	# endif /* HAVE_CYGWIN */	1042	# endif /* HAVE_CYGWIN */
Lines 2052-2058 Link Here
2052	record_logout(s->pid, s->tty, s->pw->pw_name);	2066	record_logout(s->pid, s->tty, s->pw->pw_name);
2053		2067
2054	/* Release the pseudo-tty. */	2068	/* Release the pseudo-tty. */
2055	if (getuid() == 0)	2069	if (getuid() == ROOTUID)
2056	pty_release(s->tty);	2070	pty_release(s->tty);
2057		2071
2058	/*	2072	/*

Lines 617-623 Link Here

(-)sshd.c.orig (-4 / +4 lines)
617	close(pmonitor->m_sendfd);	622	close(pmonitor->m_sendfd);
618		623
619	/* Demote the child */	624	/* Demote the child */
620	if (getuid() == 0 \|\| geteuid() == 0)	625	if (getuid() == ROOTUID \|\| geteuid() == ROOTUID)
621	privsep_preauth_child();	626	privsep_preauth_child();
622	setproctitle("%s", "[net]");	627	setproctitle("%s", "[net]");
623	}	628	}
Lines 630-636 Link Here
630	#ifdef DISABLE_FD_PASSING	635	#ifdef DISABLE_FD_PASSING
631	if (1) {	636	if (1) {
632	#else	637	#else
633	if (authctxt->pw->pw_uid == 0 \|\| options.use_login) {	638	if (authctxt->pw->pw_uid == ROOTUID \|\| options.use_login) {
634	#endif	639	#endif
635	/* File descriptor passing is broken or root login */	640	/* File descriptor passing is broken or root login */
636	monitor_apply_keystate(pmonitor);	641	monitor_apply_keystate(pmonitor);
Lines 911-917 Link Here
911	av = saved_argv;	916	av = saved_argv;
912	#endif	917	#endif
913		918
914	if (geteuid() == 0 && setgroups(0, NULL) == -1)	919	if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
915	debug("setgroups(): %.200s", strerror(errno));	920	debug("setgroups(): %.200s", strerror(errno));
916		921
917	/* Initialize configuration options to their default values. */	922	/* Initialize configuration options to their default values. */
Lines 1168-1174 Link Here
1168	(st.st_uid != getuid () \|\|	1173	(st.st_uid != getuid () \|\|
1169	(st.st_mode & (S_IWGRP\|S_IWOTH)) != 0))	1174	(st.st_mode & (S_IWGRP\|S_IWOTH)) != 0))
1170	#else	1175	#else
1171	if (st.st_uid != 0 \|\| (st.st_mode & (S_IWGRP\|S_IWOTH)) != 0)	1176	if (st.st_uid != ROOTUID \|\| (st.st_mode & (S_IWGRP\|S_IWOTH)) != 0)
1172	#endif	1177	#endif
1173	fatal("%s must be owned by root and not group or "	1178	fatal("%s must be owned by root and not group or "
1174	"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);	1179	"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);

Lines 57-69 temporarily_use_uid(struct passwd *pw) Link Here

(-)uidswap.c.orig (-2 / +2 lines)
57	(u_int)pw->pw_uid, (u_int)pw->pw_gid,	57	(u_int)pw->pw_uid, (u_int)pw->pw_gid,
58	(u_int)saved_euid, (u_int)saved_egid);	58	(u_int)saved_euid, (u_int)saved_egid);
59	#ifndef HAVE_CYGWIN	59	#ifndef HAVE_CYGWIN
60	if (saved_euid != 0) {	60	if (saved_euid != ROOTUID) {
61	privileged = 0;	61	privileged = 0;
62	return;	62	return;
63	}	63	}
64	#endif	64	#endif
65	#else	65	#else
66	if (geteuid() != 0) {	66	if (geteuid() != ROOTUID) {
67	privileged = 0;	67	privileged = 0;
68	return;	68	return;
69	}	69	}