Bugzilla – Attachment 1022 Details for
Bug 1114
Make concept of "root UID" more abstract for Interix support
[patch]
Patch abstracting root uid/gid to ROOTUID/ROOTGID macros
x (text/plain), 7.00 KB, created by
Todd Vierling
on 2005-11-05 15:32:47 AEDT
Description:
Patch abstracting root uid/gid to ROOTUID/ROOTGID macros
Filename:
MIME Type:
Creator:
Todd Vierling
Created:
2005-11-05 15:32:47 AEDT
Size:
7.00 KB
>--- defines.h.orig 2005-08-31 11:59:49.000000000 -0500
>+++ defines.h
>@@ -30,6 +30,15 @@
>
> /* Constants */
>
>+#ifdef HAVE_INTERIX
>+/* Interix has a special concept of "administrator". */
>+# define ROOTUID 197108
>+# define ROOTGID 131616
>+#else
>+# define ROOTUID 0
>+# define ROOTGID 0
>+#endif
>+
> #ifndef SHUT_RDWR
> enum
> {
>--- auth-passwd.c.orig 2005-07-26 06:54:12.000000000 -0500
>+++ auth-passwd.c
>@@ -78,7 +78,7 @@
> #endif
>
> #ifndef HAVE_CYGWIN
>- if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
>+ if (pw->pw_uid == ROOTUID && options.permit_root_login != PERMIT_YES)
> ok = 0;
> #endif
> if (*password == '\0' && options.permit_empty_passwd == 0)
>--- auth-rhosts.c.orig 2003-11-17 05:13:41.000000000 -0500
>+++ auth-rhosts.c
>@@ -198,7 +198,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
> return 0;
>
> /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
>- if (pw->pw_uid != 0) {
>+ if (pw->pw_uid != ROOTUID) {
> if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
> client_user, pw->pw_name)) {
> auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
>@@ -224,7 +224,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
> return 0;
> }
> if (options.strict_modes &&
>- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
>+ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
> (st.st_mode & 022) != 0)) {
> logit("Rhosts authentication refused for %.100s: "
> "bad ownership or modes for home directory.", pw->pw_name);
>@@ -251,7 +251,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
> * allowing access to their account by anyone.
> */
> if (options.strict_modes &&
>- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
>+ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
> (st.st_mode & 022) != 0)) {
> logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
> pw->pw_name, buf);
>--- auth.c.orig 2005-08-31 11:59:49.000000000 -0500
>+++ auth.c
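Review bot: The two Interix ids in the `#ifdef HAVE_INTERIX` branch of defines.h are bare magic numbers, and the one-line comment above them does not say which principals they name or why they can be fixed at compile time. 197108 is 0x30000 + 500 and 131616 is 0x20000 + 544, which looks like an encoding of the well-known Administrator and Administrators RIDs, but that is inferred and not stated on the page. If that is the mapping, I would expand the comment to something like `/* ids Interix assigns to the local Administrator user (ROOTUID) and Administrators group (ROOTGID) */` and point to the platform reference. Every privilege decision in the later hunks depends on these two constants, so their provenance belongs next to them.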
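Review bot: In the auth-passwd.c hunk the `PermitRootLogin` gate becomes an equality test against one uid, which on Interix may be narrower than the set of accounts that actually hold administrative rights. If other accounts can carry equivalent rights there (for example through group membership, which this page does not show), `PermitRootLogin no` would not apply to them, and the same holds for the `auth_root_allowed()` checks in the auth1.c and auth2.c hunks. At minimum the limitation should be documented where ROOTUID is defined, for example `/* NOTE: only this exact uid is treated as root; other administrative accounts are not covered by PermitRootLogin */`. The enclosing function starts and ends outside the hunk.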
>@@ -388,7 +388,7 @@
> user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
> if (options.strict_modes &&
> (stat(user_hostfile, &st) == 0) &&
>- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
>+ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
> (st.st_mode & 022) != 0)) {
> logit("Authentication refused for %.100s: "
> "bad owner or modes for %.200s",
>@@ -441,7 +441,7 @@
>
> /* check the open file to avoid races */
> if (fstat(fileno(f), &st) < 0 ||
>- (st.st_uid != 0 && st.st_uid != uid) ||
>+ (st.st_uid != ROOTUID && st.st_uid != uid) ||
> (st.st_mode & 022) != 0) {
> snprintf(err, errlen, "bad ownership or modes for file %s",
> buf);
>@@ -458,7 +458,7 @@
>
> debug3("secure_filename: checking '%s'", buf);
> if (stat(buf, &st) < 0 ||
>- (st.st_uid != 0 && st.st_uid != uid) ||
>+ (st.st_uid != ROOTUID && st.st_uid != uid) ||
> (st.st_mode & 022) != 0) {
> snprintf(err, errlen,
> "bad ownership or modes for directory %s", buf);
>--- auth1.c.orig 2005-07-17 02:26:44.000000000 -0500
>+++ auth1.c
>@@ -307,7 +307,7 @@
> }
> #else
> /* Special handling for root */
>- if (authenticated && authctxt->pw->pw_uid == 0 &&
>+ if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
> !auth_root_allowed(meth->name)) {
> authenticated = 0;
> # ifdef SSH_AUDIT_EVENTS
>--- auth2.c.orig 2005-07-17 02:26:44.000000000 -0500
>+++ auth2.c
>@@ -216,7 +216,7 @@
> authctxt->user);
>
> /* Special handling for root */
>- if (authenticated && authctxt->pw->pw_uid == 0 &&
>+ if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
> !auth_root_allowed(method)) {
> authenticated = 0;
> #ifdef SSH_AUDIT_EVENTS
>--- session.c.orig 2005-08-31 11:59:49.000000000 -0500
>+++ session.c
>@@ -331,7 +331,7 @@
> break;
> }
> debug("Received TCP/IP port forwarding request.");
>- channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports);
>+ channel_input_port_forward_request(s->pw->pw_uid == ROOTUID, options.gateway_ports);
> success = 1;
> break;
>
>@@ -930,7 +930,7 @@
> if (tmpenv == NULL)
> return;
>
>- if (uid == 0)
>+ if (uid == ROOTUID)
> var = child_get_env(tmpenv, "SUPATH");
> else
> var = child_get_env(tmpenv, "PATH");
>@@ -1036,7 +1036,7 @@
> # endif /* HAVE_ETC_DEFAULT_LOGIN */
> if (path == NULL || *path == '\0') {
> child_set_env(&env, &envsize, "PATH",
>- s->pw->pw_uid == 0 ?
>+ s->pw->pw_uid == ROOTUID ?
> SUPERUSER_PATH : _PATH_STDPATH);
> }
> # endif /* HAVE_CYGWIN */
>@@ -2052,7 +2066,7 @@
> record_logout(s->pid, s->tty, s->pw->pw_name);
>
> /* Release the pseudo-tty. */
>- if (getuid() == 0)
>+ if (getuid() == ROOTUID)
> pty_release(s->tty);
>
> /*
>--- sshpty.c.orig 2004-06-21 22:56:02.000000000 -0400
>+++ sshpty.c
>@@ -62,7 +62,7 @@ pty_allocate(int *ptyfd, int *ttyfd, cha
> void
> pty_release(const char *tty)
> {
>- if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
>+ if (chown(tty, (uid_t) ROOTUID, (gid_t) ROOTGID) < 0)
> error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
> if (chmod(tty, (mode_t) 0666) < 0)
> error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
>@@ -203,7 +203,7 @@ pty_setowner(struct passwd *pw, const ch
> if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
> if (chown(tty, pw->pw_uid, gid) < 0) {
> if (errno == EROFS &&
>- (st.st_uid == pw->pw_uid || st.st_uid == 0))
>+ (st.st_uid == pw->pw_uid || st.st_uid == ROOTUID))
> debug("chown(%.100s, %u, %u) failed: %.100s",
> tty, (u_int)pw->pw_uid, (u_int)gid,
> strerror(errno));
>--- uidswap.c.orig 2005-02-22 01:57:13.000000000 -0500
>+++ uidswap.c
>@@ -57,13 +57,13 @@ temporarily_use_uid(struct passwd *pw)
> (u_int)pw->pw_uid, (u_int)pw->pw_gid,
> (u_int)saved_euid, (u_int)saved_egid);
> #ifndef HAVE_CYGWIN
>- if (saved_euid != 0) {
>+ if (saved_euid != ROOTUID) {
> privileged = 0;
> return;
> }
> #endif
> #else
>- if (geteuid() != 0) {
>+ if (geteuid() != ROOTUID) {
> privileged = 0;
> return;
> }
>--- sshd.c.orig 2005-07-26 06:54:56.000000000 -0500
>+++ sshd.c
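Review bot: The header of the last session.c hunk reads `@@ -2052,7 +2066,7 @@`, a 14-line shift that the earlier session.c hunks on this page do not account for, since each of them replaces one line with one line. All four sshd.c hunks show a similar unexplained shift of 5 lines. That suggests the patch was cut out of a larger local diff. For a change that touches authentication and privilege checks, it should be regenerated against a pristine tree so reviewers can see everything that differs.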
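Review bot: In the pty_release() hunk of sshpty.c the `chown` call now passes ROOTUID/ROOTGID, but the error text on the following context line still prints a literal `0 0`, so a failure on Interix would log ids that were never used. Format the real values instead: `error("chown %.100s %u %u failed: %.100s", tty, (u_int)ROOTUID, (u_int)ROOTGID, strerror(errno));`. The `fatal()` text in the last sshd.c hunk ("must be owned by root") has a related wording gap on a platform where the expected owner is not called root.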
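Review bot: In the temporarily_use_uid() hunk of uidswap.c, `saved_euid != ROOTUID` (and `geteuid() != ROOTUID` in the `#else` branch) stands for "this process has no privileges to drop", which holds where root is uid 0 but is not obviously true once ROOTUID names one particular account. If sshd can run on Interix under a different privileged account (an assumption the page does not confirm), the function returns with `privileged = 0` and the caller carries on under the daemon's own identity. The first sshd.c hunk has the same shape: `privsep_preauth_child()` is skipped unless `getuid()` or `geteuid()` equals ROOTUID, so the pre-authentication child would stay undemoted in that case. I would state the assumption at the test, e.g. `/* assumes any euid other than ROOTUID is unprivileged */`, and confirm it for Interix before merging. The function body continues outside the hunk.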
>@@ -617,7 +622,7 @@
> close(pmonitor->m_sendfd);
>
> /* Demote the child */
>- if (getuid() == 0 || geteuid() == 0)
>+ if (getuid() == ROOTUID || geteuid() == ROOTUID)
> privsep_preauth_child();
> setproctitle("%s", "[net]");
> }
>@@ -630,7 +635,7 @@
> #ifdef DISABLE_FD_PASSING
> if (1) {
> #else
>- if (authctxt->pw->pw_uid == 0 || options.use_login) {
>+ if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
> #endif
> /* File descriptor passing is broken or root login */
> monitor_apply_keystate(pmonitor);
>@@ -911,7 +916,7 @@
> av = saved_argv;
> #endif
>
>- if (geteuid() == 0 && setgroups(0, NULL) == -1)
>+ if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
> debug("setgroups(): %.200s", strerror(errno));
>
> /* Initialize configuration options to their default values. */
>@@ -1168,7 +1173,7 @@
> (st.st_uid != getuid () ||
> (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
> #else
>- if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
>+ if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
> #endif
> fatal("%s must be owned by root and not group or "
> "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
Attachments on
bug 1114
: 1022 |
1026