Bugzilla – Attachment 1026 Details for
Bug 1114
Make concept of "root UID" more abstract for Interix support
[patch]
split uid checks into capabilities.
openssh-capability.patch (text/plain), 10.22 KB, created by
Darren Tucker
on 2005-11-06 18:00:02 AEDT
Description:
split uid checks into capabilities.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2005-11-06 18:00:02 AEDT
Size:
10.22 KB
patch
obsolete
>Index: loginrec.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/loginrec.c,v
>retrieving revision 1.70
>diff -u -p -r1.70 loginrec.c
>--- loginrec.c 17 Jul 2005 07:26:44 -0000 1.70
>+++ loginrec.c 6 Nov 2005 06:09:47 -0000
>@@ -414,12 +414,10 @@ login_set_addr(struct logininfo *li, con
> int
> login_write(struct logininfo *li)
> {
>-#ifndef HAVE_CYGWIN
>- if (geteuid() != 0) {
>+ if (!have_capability(geteuid(), SSH_WRITE_LOGIN_RECORDS)) {
> logit("Attempt to write login records by non-root user (aborting)");
> return (1);
> }
>-#endif
>
> /* set the timestamp */
> login_set_current_time(li);
>Index: readconf.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/readconf.c,v
>retrieving revision 1.118
>diff -u -p -r1.118 readconf.c
>--- readconf.c 12 Aug 2005 12:11:18 -0000 1.118
>+++ readconf.c 6 Nov 2005 06:11:39 -0000
>@@ -210,11 +210,11 @@ void
> add_local_forward(Options *options, const Forward *newfwd)
> {
> Forward *fwd;
>-#ifndef NO_IPPORT_RESERVED_CONCEPT
> extern uid_t original_real_uid;
>- if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
>+
>+ if (newfwd->listen_port < IPPORT_RESERVED &&
>+ !have_capability(original_real_uid, CAP_NET_BIND_SERVICE))
> fatal("Privileged ports can only be forwarded by root.");
>-#endif
> if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
> fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
> fwd = &options->local_forwards[options->num_local_forwards++];
>Index: serverloop.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/serverloop.c,v
>retrieving revision 1.122
>diff -u -p -r1.122 serverloop.c
>--- serverloop.c 5 Nov 2005 04:16:52 -0000 1.122
>+++ serverloop.c 6 Nov 2005 06:11:24 -0000
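Review bot: In login_write() in loginrec.c the refusal is still logged as `non-root user` although the test is now a capability, and the record does not say which account was refused. Logging the uid keeps the event usable for audit on platforms where the privileged account is not uid 0: `logit("Attempt to write login records by uid %lu without SSH_WRITE_LOGIN_RECORDS (aborting)", (u_long)geteuid());`. The `fatal("Privileged ports can only be forwarded by root.")` string in the readconf.c hunk has the same wording problem. login_write()'s body continues past the end of the hunk.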
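Review bot: With the `#ifndef NO_IPPORT_RESERVED_CONCEPT` guard removed from add_local_forward() in readconf.c, `IPPORT_RESERVED` and the `extern uid_t original_real_uid` declaration are now compiled on every platform, including the ones the guard used to exclude. If any of those platforms' headers do not define `IPPORT_RESERVED` the build breaks, and every program that links readconf.c must define `original_real_uid`; the serverloop.c hunk in server_input_global_request() references `IPPORT_RESERVED` unguarded in the same way. A fallback definition of `IPPORT_RESERVED` in the compat headers, guarded by `#ifndef IPPORT_RESERVED`, would keep the now-unconditional check buildable. The function body continues outside the hunk.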
>@@ -1013,11 +1013,9 @@ server_input_global_request(int type, u_
>
> /* check permissions */
> if (!options.allow_tcp_forwarding ||
>- no_port_forwarding_flag
>-#ifndef NO_IPPORT_RESERVED_CONCEPT
>- || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
>-#endif
>- ) {
>+ no_port_forwarding_flag ||
>+ (listen_port < IPPORT_RESERVED &&
>+ !have_capability(pw->pw_uid, CAP_NET_BIND_SERVICE))) {
> success = 0;
> packet_send_debug("Server has disabled port forwarding.");
> } else {
>Index: session.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v
>retrieving revision 1.309
>diff -u -p -r1.309 session.c
>--- session.c 5 Nov 2005 04:15:00 -0000 1.309
>+++ session.c 6 Nov 2005 06:10:46 -0000
>@@ -241,7 +241,7 @@ do_authenticated1(Authctxt *authctxt)
> {
> Session *s;
> char *command;
>- int success, type, screen_flag;
>+ int success, type, screen_flag, privileged;
> int enable_compression_after_reply = 0;
> u_int proto_len, data_len, dlen, compression_level = 0;
>
>@@ -330,8 +330,10 @@ do_authenticated1(Authctxt *authctxt)
> debug("Port forwarding not permitted.");
> break;
> }
>+ privileged = have_capability(s->pw->pw_uid,
>+ CAP_NET_BIND_SERVICE);
> debug("Received TCP/IP port forwarding request.");
>- channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports);
>+ channel_input_port_forward_request(privileged, options.gateway_ports);
> success = 1;
> break;
>
>@@ -1035,9 +1037,10 @@ do_setup_env(Session *s, const char *she
> path = child_get_env(env, "PATH");
> # endif /* HAVE_ETC_DEFAULT_LOGIN */
> if (path == NULL || *path == '\0') {
>- child_set_env(&env, &envsize, "PATH",
>- s->pw->pw_uid == 0 ?
>- SUPERUSER_PATH : _PATH_STDPATH);
>+ path = have_capability(s->pw->pw_uid,
>+ SSH_PRIVILEGED_LOGIN) ? SUPERUSER_PATH :
>+ _PATH_STDPATH;
>+ child_set_env(&env, &envsize, "PATH", path);
> }
> # endif /* HAVE_CYGWIN */
> #endif /* HAVE_LOGIN_CAP */
>Index: ssh.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/ssh.c,v
>retrieving revision 1.240
>diff -u -p -r1.240 ssh.c
>--- ssh.c 5 Nov 2005 04:15:00 -0000 1.240
>+++ ssh.c 6 Nov 2005 06:10:57 -0000
>@@ -182,7 +182,7 @@ main(int ac, char **av)
> char *p, *cp, *line, buf[256];
> struct stat st;
> struct passwd *pw;
>- int dummy;
>+ int dummy, privileged_port;
> extern int optind, optreset;
> extern char *optarg;
> struct servent *sp;
>@@ -636,15 +636,13 @@ again:
> if (options.control_path != NULL)
> control_client(options.control_path);
>
>+ privileged_port = options.use_privileged_port &&
>+ have_capability(original_effective_uid, CAP_NET_BIND_SERVICE);
>+
> /* Open a connection to the remote host. */
> if (ssh_connect(host, &hostaddr, options.port,
> options.address_family, options.connection_attempts,
>-#ifdef HAVE_CYGWIN
>- options.use_privileged_port,
>-#else
>- original_effective_uid == 0 && options.use_privileged_port,
>-#endif
>- options.proxy_command) != 0)
>+ privileged_port, options.proxy_command) != 0)
> exit(1);
>
> /*
>Index: sshd.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd.c,v
>retrieving revision 1.319
>diff -u -p -r1.319 sshd.c
>--- sshd.c 5 Nov 2005 04:15:00 -0000 1.319
>+++ sshd.c 6 Nov 2005 06:09:14 -0000
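Review bot: The new `privileged_port` expression in main() in ssh.c changes behaviour for HAVE_CYGWIN builds: the removed branch passed `options.use_privileged_port` to ssh_connect() with no uid test, while the new code also requires `have_capability(original_effective_uid, CAP_NET_BIND_SERVICE)`. In have_capability() that capability is granted to every uid only under `NO_IPPORT_RESERVED_CONCEPT`, not under `HAVE_CYGWIN`, so a Cygwin build without that define would silently stop using a privileged source port for non-zero uids. Either state in a comment that Cygwin is expected to define `NO_IPPORT_RESERVED_CONCEPT`, or add `CAP_NET_BIND_SERVICE` to the `HAVE_CYGWIN` branch of have_capability(). main() starts and ends outside the hunk.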
>@@ -617,7 +617,8 @@ privsep_preauth(Authctxt *authctxt)
> close(pmonitor->m_sendfd);
>
> /* Demote the child */
>- if (getuid() == 0 || geteuid() == 0)
>+ if (have_capability(getuid(), CAP_SETUID) ||
>+ have_capability(geteuid(), CAP_SETUID))
> privsep_preauth_child();
> setproctitle("%s", "[net]");
> }
>Index: openbsd-compat/Makefile.in
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/Makefile.in,v
>retrieving revision 1.35
>diff -u -p -r1.35 Makefile.in
>--- openbsd-compat/Makefile.in 26 Aug 2005 20:15:20 -0000 1.35
>+++ openbsd-compat/Makefile.in 6 Nov 2005 00:39:10 -0000
>@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
>
> OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
>
>-COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
>+COMPAT=bsd-arc4random.o bsd-capability.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
>
> PORTS=port-irix.o port-aix.o port-uw.o
>
>Index: openbsd-compat/bsd-capability.c
>===================================================================
>RCS file: openbsd-compat/bsd-capability.c
>diff -N openbsd-compat/bsd-capability.c
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ openbsd-compat/bsd-capability.c 6 Nov 2005 06:14:08 -0000
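Review bot: In privsep_preauth() in sshd.c the capability test now decides whether the pre-authentication child is demoted at all, and a 0 answer skips `privsep_preauth_child()` without any log line. With the literal uid-0 test that was presumably harmless, since a non-root process has nothing to drop; with an abstract capability, a platform mapping that wrongly answers 0 for a privileged account would leave the network-facing child running with its full privileges. I would add an else branch such as `debug("privsep: child not demoted, uid %lu lacks CAP_SETUID", (u_long)getuid());` and a comment that a false negative here fails open. The function starts outside the hunk.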
>@@ -0,0 +1,37 @@
>+/* $Id$ */
>+
>+/*
>+ * Copyright (c) 2005 Darren Tucker. All rights reserved.
>+ *
>+ * Permission to use, copy, modify, and distribute this software for any
>+ * purpose with or without fee is hereby granted, provided that the above
>+ * copyright notice and this permission notice appear in all copies.
>+ *
>+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>+ */
>+
>+#include "includes.h"
>+
>+int
>+have_capability(uid_t uid, int cap)
>+{
>+#ifdef NO_IPPORT_RESERVED_CONCEPT
>+ if (cap == CAP_NET_BIND_SERVICE)
>+ return 1;
>+#endif
>+
>+#ifdef HAVE_CYGWIN
>+ if (cap == SSH_WRITE_LOGIN_RECORDS)
>+ return 1;
>+#endif
>+
>+ if (uid == 0)
>+ return 1;
>+ return 0;
>+}
>Index: openbsd-compat/bsd-capability.h
>===================================================================
>RCS file: openbsd-compat/bsd-capability.h
>diff -N openbsd-compat/bsd-capability.h
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ openbsd-compat/bsd-capability.h 6 Nov 2005 06:08:15 -0000
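Review bot: have_capability() in bsd-capability.c has no comment stating its contract, and the POSIX-style capability names invite the reading that it queries the process's real capability set. It does not: the answer is a compile-time platform policy plus `uid == 0`, the `uid` argument is ignored for the platform-granted capabilities, and any unrecognised `cap` value is granted to uid 0 and refused to everyone else. A header comment should say so, say that callers choose which uid (real, effective, or the authenticated user's) to pass, and note that a uid-0 process which has dropped a capability is still reported as holding it. That contract is what the next port adding a branch here will need to preserve.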
>@@ -0,0 +1,34 @@
>+/* $Id$ */
>+
>+/*
>+ * Copyright (c) 2005 Darren Tucker. All rights reserved.
>+ *
>+ * Permission to use, copy, modify, and distribute this software for any
>+ * purpose with or without fee is hereby granted, provided that the above
>+ * copyright notice and this permission notice appear in all copies.
>+ *
>+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>+ */
>+
>+/* POSIX Capabilities, if not defined */
>+#ifndef CAP_SETUID
>+# define CAP_SETUID 0x1001
>+#endif
>+#ifndef CAP_SETGID
>+# define CAP_SETGID 0x1002
>+#endif
>+#ifndef CAP_NET_BIND_SERVICE
>+# define CAP_NET_BIND_SERVICE 0x1003
>+#endif
>+
>+/* SSH-specific capabilities */
>+#define SSH_WRITE_LOGIN_RECORDS 0x8001
>+#define SSH_PRIVILEGED_LOGIN 0x8002
>+
>+int have_capability(uid_t, int);
>Index: openbsd-compat/openbsd-compat.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/openbsd-compat.h,v
>retrieving revision 1.31
>diff -u -p -r1.31 openbsd-compat.h
>--- openbsd-compat/openbsd-compat.h 29 Sep 2005 23:55:50 -0000 1.31
>+++ openbsd-compat/openbsd-compat.h 6 Nov 2005 00:54:44 -0000
>@@ -172,6 +172,8 @@ char *shadow_pw(struct passwd *pw);
> /* rfc2553 socket API replacements */
> #include "fake-rfc2553.h"
>
>+#include "bsd-capability.h"
>+
> /* Routines for a single OS platform */
> #include "bsd-cray.h"
> #include "bsd-cygwin_util.h"
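Review bot: The `#ifndef` fallbacks for `CAP_SETUID`, `CAP_SETGID` and `CAP_NET_BIND_SERVICE` in bsd-capability.h make each constant's numeric value depend on include order: a file that sees a system capability header first gets the system's value, while another may be compiled with the fallback such as 0x1003. have_capability() compares `cap == CAP_NET_BIND_SERVICE` by value, so two translation units that disagree would make the `NO_IPPORT_RESERVED_CONCEPT` grant silently fail to match. Giving these three their own SSH_-prefixed names, as `SSH_WRITE_LOGIN_RECORDS` and `SSH_PRIVILEGED_LOGIN` already have, removes that dependency. The header also has no include guard and uses `uid_t` in the prototype, so it relies on being included after the system type headers, and `CAP_SETGID` is not used by any hunk in this patch.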