Bugzilla – Attachment 1021 Details for
Bug 1113
Add Interix authentication support
[patch]
Support for Interix in configure, and authentication support
x.interix-basic (text/plain), 8.76 KB, created by
Todd Vierling
on 2005-11-05 15:22:36 AEDT
Description:
Support for Interix in configure, and authentication support
Filename:
MIME Type:
Creator:
Todd Vierling
Created:
2005-11-05 15:22:36 AEDT
Size:
8.76 KB
patch
obsolete
>--- configure.ac.orig 2005-08-31 12:59:49.000000000 -0400
>+++ configure.ac
>@@ -305,6 +305,15 @@ main() { if (NSVersionOfRunTimeLibrary("
> ;;
> esac
> ;;
>+*-*-interix3*)
>+ AC_DEFINE(HAVE_INTERIX)
>+ AC_DEFINE(DISABLE_FD_PASSING)
>+ AC_DEFINE(DISABLE_SHADOW)
>+ AC_DEFINE(IP_TOS_IS_BROKEN)
>+ AC_DEFINE(MISSING_HOWMANY)
>+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
>+ AC_DEFINE(USE_PIPES)
>+ ;;
> *-*-irix5*)
> PATH="$PATH:/usr/etc"
> AC_DEFINE(BROKEN_INET_NTOA)
>--- loginrec.c.orig 2005-07-17 02:26:44.000000000 -0500
>+++ loginrec.c
>@@ -414,7 +414,7 @@
> int
> login_write(struct logininfo *li)
> {
>-#ifndef HAVE_CYGWIN
>+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
> if (geteuid() != 0) {
> logit("Attempt to write login records by non-root user (aborting)");
> return (1);
>--- includes.h.orig 2005-08-26 15:15:20.000000000 -0500
>+++ includes.h
>@@ -164,6 +164,10 @@
> #ifdef HAVE_READPASSPHRASE_H
> # include <readpassphrase.h>
> #endif
>+#ifdef HAVE_INTERIX
>+# include <interix/env.h>
>+# include <interix/security.h>
>+#endif
>
> #ifdef HAVE_IA_H
> # include <ia.h>
>--- auth-passwd.c.orig 2005-07-26 06:54:12.000000000 -0500
>+++ auth-passwd.c
>@@ -113,7 +113,12 @@
> authctxt->force_pwchange = 1;
> }
> #endif
>+
>+#ifdef HAVE_INTERIX
>+ result = (!setuser(pw->pw_name, password, SU_CHECK);
>+#else
> result = sys_auth_passwd(authctxt, password);
>+#endif
> if (authctxt->force_pwchange)
> disable_forwarding();
> return (result && ok);
>--- auth1.c.orig 2005-07-17 02:26:44.000000000 -0500
>+++ auth1.c
>@@ -405,7 +405,7 @@
> * If we are not running as root, the user must have the same uid as
> * the server.
> */
>-#ifndef HAVE_CYGWIN
>+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
> if (!use_privsep && getuid() != 0 && authctxt->pw &&
> authctxt->pw->pw_uid != getuid())
> packet_disconnect("Cannot change user when server not running as root.");
>--- scp.c.orig 2005-08-02 02:07:08.000000000 -0500
>+++ scp.c
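Review bot: In the auth-passwd.c hunk the added line `result = (!setuser(pw->pw_name, password, SU_CHECK);` has an unbalanced parenthesis, so the HAVE_INTERIX branch cannot compile as posted. Writing the comparison out, `result = (setuser(pw->pw_name, password, SU_CHECK) == 0);`, also makes it explicit that only a zero return counts as a successful password check. The branch replaces `sys_auth_passwd()` entirely and uses `pw`, whose declaration is outside the hunk, so the enclosing function should be checked to confirm it is in scope. A one-line comment stating that SU_CHECK is expected to verify the credentials without switching identity would help the next reader.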
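Review bot: The auth1.c hunk compiles the "Cannot change user when server not running as root" guard out for Interix instead of adapting it, so a server started from an unprivileged account no longer refuses early to act for a different user. Other hunks of this patch (uidswap.c, sshd.c) switch the same kind of test to `ROOTUID`; doing that here, `if (!use_privsep && getuid() != ROOTUID && authctxt->pw &&`, would keep the guard on Interix once `ROOTUID` is defined. The loginrec.c `login_write` hunk and the session.c `do_setusercontext` hunk drop their root checks in the same way. The enclosing function starts and ends outside the hunk.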
>@@ -298,7 +298,11 @@
> argc -= optind;
> argv += optind;
>
>+#ifdef HAVE_INTERIX
>+ if ((pwd = getpwuid_ex(userid = getuid(), PW_FULLNAME)) == NULL)
>+#else
> if ((pwd = getpwuid(userid = getuid())) == NULL)
>+#endif
> fatal("unknown user %u", (u_int) userid);
>
> if (!isatty(STDERR_FILENO))
>@@ -643,8 +647,10 @@
> return;
> }
> while ((dp = readdir(dirp)) != NULL) {
>+#ifndef HAVE_INTERIX
> if (dp->d_ino == 0)
> continue;
>+#endif
> if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
> continue;
> if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
>@@ -1093,7 +1099,9 @@
> case '\'':
> case '"':
> case '`':
>+#ifndef HAVE_INTERIX
> case ' ':
>+#endif
> case '#':
> goto bad;
> default:
>--- session.c.orig 2005-08-31 11:59:49.000000000 -0500
>+++ session.c
>@@ -1150,6 +1150,18 @@
> strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
> read_environment_file(&env, &envsize, buf);
> }
>+
>+#ifdef HAVE_INTERIX
>+ {
>+ /* copy standard Windows environment, then apply changes */
>+ env_t *winenv = env_login(pw);
>+ env_putarray(winenv, env, ENV_OVERRIDE);
>+
>+ /* swap over to altered environment as a traditional array */
>+ env = env_array(winenv);
>+ }
>+#endif
>+
> if (debug_flag) {
> /* dump the environment */
> fprintf(stderr, "Environment:\n");
>@@ -1260,9 +1272,9 @@
> void
> do_setusercontext(struct passwd *pw)
> {
>-#ifndef HAVE_CYGWIN
>+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
> if (getuid() == 0 || geteuid() == 0)
>-#endif /* HAVE_CYGWIN */
>+#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */
> {
>
> #ifdef HAVE_SETPCRED
>@@ -1304,11 +1316,13 @@
> perror("setgid");
> exit(1);
> }
>+# if !defined(HAVE_INTERIX)
> /* Initialize the group list. */
> if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
> perror("initgroups");
> exit(1);
> }
>+# endif /* !HAVE_INTERIX */
> endgrent();
> #ifdef GSSAPI
> if (options.gss_authentication) {
>--- ssh.c.orig 2005-08-12 07:10:56.000000000 -0500
>+++ ssh.c
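Review bot: Dropping `case ' ':` from the rejected-character list in the third scp.c hunk (new line 1099) lets names containing a space pass this check on Interix. The callers are outside the hunk; if any of them places the checked name into a command line rather than passing it as a separate argv element, a space would split it into extra arguments. Either keep rejecting the space, or add a comment above the `#ifndef` recording why it is safe, for example `/* Interix account names may contain spaces; every caller passes the name as one argv element */`, after confirming that this holds for every caller.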
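Review bot: In the first session.c hunk the result of `env_login(pw)` goes straight into `env_putarray()` and `env_array()` without a NULL check, and `env` is replaced without touching `envsize`. If `env_login()` can fail, the session would continue with an invalid environment pointer; a guard such as `if (winenv == NULL) fatal("env_login failed");` before the `env_putarray()` call makes the failure explicit. Whether any code after this point still appends to `env` using the old `envsize` cannot be seen from the hunk and should be confirmed, since the array now comes from a different allocator.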
>@@ -636,7 +636,7 @@
> /* Open a connection to the remote host. */
> if (ssh_connect(host, &hostaddr, options.port,
> options.address_family, options.connection_attempts,
>-#ifdef HAVE_CYGWIN
>+#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX)
> options.use_privileged_port,
> #else
> original_effective_uid == 0 && options.use_privileged_port,
>--- uidswap.c.orig 2005-02-22 01:57:13.000000000 -0500
>+++ uidswap.c
>@@ -57,13 +57,13 @@ temporarily_use_uid(struct passwd *pw)
> (u_int)pw->pw_uid, (u_int)pw->pw_gid,
> (u_int)saved_euid, (u_int)saved_egid);
> #ifndef HAVE_CYGWIN
>- if (saved_euid != 0) {
>+ if (saved_euid != ROOTUID) {
> privileged = 0;
> return;
> }
> #endif
> #else
>- if (geteuid() != 0) {
>+ if (geteuid() != ROOTUID) {
> privileged = 0;
> return;
> }
>@@ -87,9 +87,11 @@ temporarily_use_uid(struct passwd *pw)
>
> /* set and save the user's groups */
> if (user_groupslen == -1) {
>+#ifndef HAVE_INTERIX
> if (initgroups(pw->pw_name, pw->pw_gid) < 0)
> fatal("initgroups: %s: %.100s", pw->pw_name,
> strerror(errno));
>+#endif
>
> user_groupslen = getgroups(0, NULL);
> if (user_groupslen < 0)
>@@ -104,9 +106,11 @@ temporarily_use_uid(struct passwd *pw)
> xfree(user_groups);
> }
> }
>+#ifndef HAVE_INTERIX
> /* Set the effective uid to the given (unprivileged) uid. */
> if (setgroups(user_groupslen, user_groups) < 0)
> fatal("setgroups: %.100s", strerror(errno));
>+#endif
> #ifndef SAVED_IDS_WORK_WITH_SETEUID
> /* Propagate the privileged gid to all of our gids. */
> if (setgid(getegid()) < 0)
>@@ -154,8 +158,10 @@ restore_uid(void)
> setgid(getgid());
> #endif /* SAVED_IDS_WORK_WITH_SETEUID */
>
>+#ifndef HAVE_INTERIX
> if (setgroups(saved_egroupslen, saved_egroups) < 0)
> fatal("setgroups: %.100s", strerror(errno));
>+#endif
> temporarily_use_uid_effective = 0;
> }
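Review bot: `ROOTUID` is used in the first uidswap.c hunk (`saved_euid != ROOTUID`, `geteuid() != ROOTUID`) and in four sshd.c hunks, but no hunk on this page defines it. Unless another patch supplies the definition, these files would not build on any platform, and the value chosen for Interix decides which account the privilege checks treat as root. A fallback next to the new includes.h block, `#ifndef ROOTUID` / `# define ROOTUID 0` / `#endif`, with the Interix value set explicitly and commented, would close the gap.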
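Review bot: The second and third uidswap.c hunks compile out `initgroups()` and `setgroups()` in `temporarily_use_uid()` for Interix, and the `restore_uid()` hunk does the same for the restore, so while the effective uid is switched the process apparently keeps the server's own supplementary groups. File access performed in that window (the callers are outside this patch) would then be checked against the server's group memberships rather than the target user's. If the platform offers no way to change the group list short of `setuser()`, record that at the first `#ifndef HAVE_INTERIX`, e.g. `/* Interix: group list can only change via setuser(); the server's groups stay in effect here */`, so the limitation is visible to whoever audits the callers.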
>
>@@ -174,6 +180,10 @@ permanently_set_uid(struct passwd *pw)
> debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
> (u_int)pw->pw_gid);
>
>+#if defined(HAVE_INTERIX)
>+ if (setuser(pw->pw_name, NULL, SU_COMPLETE))
>+ fatal("setuser %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
>+#else
> #if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
> if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
> fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
>@@ -222,6 +232,7 @@ permanently_set_uid(struct passwd *pw)
> (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
> fatal("%s: was able to restore old [e]uid", __func__);
> #endif
>+#endif /* HAVE_INTERIX */
>
> /* Verify UID drop was successful */
> if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
>--- servconf.c.orig 2005-08-12 07:11:37.000000000 -0500
>+++ servconf.c
>@@ -232,7 +232,11 @@
>
> /* Turn privilege separation on by default */
> if (use_privsep == -1)
>+#ifdef HAVE_INTERIX
>+ use_privsep = 0;
>+#else
> use_privsep = 1;
>+#endif
>
> #ifndef HAVE_MMAP
> if (use_privsep && options->compression == 1) {
>--- openbsd-compat/bsd-openpty.c.orig 2005-02-25 17:04:29.000000000 -0600
>+++ openbsd-compat/bsd-openpty.c
>@@ -102,15 +102,17 @@
> return (-1);
> }
>
>+#if !defined(HAVE_INTERIX)
> /*
> * Try to push the appropriate streams modules, as described
> * in Solaris pts(7).
> */
> ioctl(*aslave, I_PUSH, "ptem");
> ioctl(*aslave, I_PUSH, "ldterm");
>-# ifndef __hpux
>+ # ifndef __hpux
> ioctl(*aslave, I_PUSH, "ttcompat");
>-# endif /* __hpux */
>+ # endif /* __hpux */
>+#endif /* !HAVE_INTERIX */
>
> return (0);
>
>--- sshd.c.orig 2005-07-26 06:54:56.000000000 -0500
>+++ sshd.c
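Review bot: The new `fatal("setuser %u: %.100s", (u_int)pw->pw_gid, strerror(errno));` in the first permanently_set_uid hunk logs the gid although the call that failed takes the account name; `fatal("setuser %.100s: %.100s", pw->pw_name, strerror(errno));` would identify the account in the log. The `#endif /* HAVE_INTERIX */` added by the second hunk sits after the "was able to restore old [e]uid" tests, so on Interix those regain-privilege checks are skipped and only the final uid comparison remains; a short comment at the `#else` saying that this is intended would help. The function body continues outside both hunks.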
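Review bot: The servconf.c hunk makes privilege separation default to off on Interix while the context comment directly above still reads "Turn privilege separation on by default". This is a weaker default than on the other platforms, so the reason belongs next to the `#ifdef`, e.g. `/* Interix: privsep defaults to off because <reason> */`, and in the platform notes, so administrators know that pre-authentication code runs with the server's full privileges unless they enable it themselves.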
>@@ -574,10 +574,15 @@
> /* XXX not ready, too heavy after chroot */
> do_setusercontext(pw);
> #else
>+#ifdef HAVE_INTERIX
>+ if (setuser(pw->pw_name, NULL, SU_COMPLETE))
>+ fatal("setuser: %.100s", strerror(errno));
>+#else
> gidset[0] = pw->pw_gid;
> if (setgroups(1, gidset) < 0)
> fatal("setgroups: %.100s", strerror(errno));
> permanently_set_uid(pw);
>+#endif /* HAVE_INTERIX */
> #endif
> }
>
>@@ -617,7 +622,7 @@
> close(pmonitor->m_sendfd);
>
> /* Demote the child */
>- if (getuid() == 0 || geteuid() == 0)
>+ if (getuid() == ROOTUID || geteuid() == ROOTUID)
> privsep_preauth_child();
> setproctitle("%s", "[net]");
> }
>@@ -630,7 +635,7 @@
> #ifdef DISABLE_FD_PASSING
> if (1) {
> #else
>- if (authctxt->pw->pw_uid == 0 || options.use_login) {
>+ if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
> #endif
> /* File descriptor passing is broken or root login */
> monitor_apply_keystate(pmonitor);
>@@ -911,7 +916,7 @@
> av = saved_argv;
> #endif
>
>- if (geteuid() == 0 && setgroups(0, NULL) == -1)
>+ if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
> debug("setgroups(): %.200s", strerror(errno));
>
> /* Initialize configuration options to their default values. */
>@@ -1168,7 +1173,7 @@
> (st.st_uid != getuid () ||
> (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
> #else
>- if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
> #endif
> fatal("%s must be owned by root and not group or "
> "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
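Review bot: The first sshd.c hunk adds a second copy of the `setuser(pw->pw_name, NULL, SU_COMPLETE)` call and bypasses `permanently_set_uid(pw)`, which after this patch already makes that call on Interix and then runs the "Verify UID drop was successful" check visible in the uidswap.c hunk. As written, this path continues on Interix without that verification. Wrapping only the `gidset[0]`/`setgroups()` lines in `#ifndef HAVE_INTERIX` and leaving `permanently_set_uid(pw);` unconditional would remove the duplicate and keep the check. The enclosing function starts outside the hunk.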