Attachment 1022 Details for Bug 1114 – Patch abstracting root uid/gid to ROOTUID/ROOTGID macros

[patch] Patch abstracting root uid/gid to ROOTUID/ROOTGID macros

x (text/plain), 7.00 KB, created by Todd Vierling on 2005-11-05 15:32:47 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Todd Vierling

Created: 2005-11-05 15:32:47 AEDT

Size: 7.00 KB

patch

obsolete

>--- defines.h.orig	2005-08-31 11:59:49.000000000 -0500
>+++ defines.h
>@@ -30,6 +30,15 @@
> 
> /* Constants */
> 
>+#ifdef HAVE_INTERIX
>+/* Interix has a special concept of "administrator". */
>+# define ROOTUID	197108
>+# define ROOTGID	131616
>+#else
>+# define ROOTUID	0
>+# define ROOTGID	0
>+#endif
>+
> #ifndef SHUT_RDWR
> enum
> {
>--- auth-passwd.c.orig	2005-07-26 06:54:12.000000000 -0500
>+++ auth-passwd.c
>@@ -78,7 +78,7 @@
> #endif
> 
> #ifndef HAVE_CYGWIN
>-	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
>+	if (pw->pw_uid == ROOTUID && options.permit_root_login != PERMIT_YES)
> 		ok = 0;
> #endif
> 	if (*password == '\0' && options.permit_empty_passwd == 0)
>--- auth-rhosts.c.orig	2003-11-17 05:13:41.000000000 -0500
>+++ auth-rhosts.c
>@@ -198,7 +198,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
> 		return 0;
> 
> 	/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
>-	if (pw->pw_uid != 0) {
>+	if (pw->pw_uid != ROOTUID) {
> 		if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
> 		    client_user, pw->pw_name)) {
> 			auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
>@@ -224,7 +224,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
> 		return 0;
> 	}
> 	if (options.strict_modes &&
>-	    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
>+	    ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
> 	    (st.st_mode & 022) != 0)) {
> 		logit("Rhosts authentication refused for %.100s: "
> 		    "bad ownership or modes for home directory.", pw->pw_name);
>@@ -251,7 +251,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
> 		 * allowing access to their account by anyone.
> 		 */
> 		if (options.strict_modes &&
>-		    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
>+		    ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
> 		    (st.st_mode & 022) != 0)) {
> 			logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
> 			    pw->pw_name, buf);
>--- auth.c.orig	2005-08-31 11:59:49.000000000 -0500
>+++ auth.c
>@@ -388,7 +388,7 @@
> 		user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
> 		if (options.strict_modes &&
> 		    (stat(user_hostfile, &st) == 0) &&
>-		    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
>+		    ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
> 		    (st.st_mode & 022) != 0)) {
> 			logit("Authentication refused for %.100s: "
> 			    "bad owner or modes for %.200s",
>@@ -441,7 +441,7 @@
> 
> 	/* check the open file to avoid races */
> 	if (fstat(fileno(f), &st) < 0 ||
>-	    (st.st_uid != 0 && st.st_uid != uid) ||
>+	    (st.st_uid != ROOTUID && st.st_uid != uid) ||
> 	    (st.st_mode & 022) != 0) {
> 		snprintf(err, errlen, "bad ownership or modes for file %s",
> 		    buf);
>@@ -458,7 +458,7 @@
> 
> 		debug3("secure_filename: checking '%s'", buf);
> 		if (stat(buf, &st) < 0 ||
>-		    (st.st_uid != 0 && st.st_uid != uid) ||
>+		    (st.st_uid != ROOTUID && st.st_uid != uid) ||
> 		    (st.st_mode & 022) != 0) {
> 			snprintf(err, errlen,
> 			    "bad ownership or modes for directory %s", buf);
>--- auth1.c.orig	2005-07-17 02:26:44.000000000 -0500
>+++ auth1.c
>@@ -307,7 +307,7 @@
> 		}
> #else
> 		/* Special handling for root */
>-		if (authenticated && authctxt->pw->pw_uid == 0 &&
>+		if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
> 		    !auth_root_allowed(meth->name)) {
>  			authenticated = 0;
> # ifdef SSH_AUDIT_EVENTS
>--- auth2.c.orig	2005-07-17 02:26:44.000000000 -0500
>+++ auth2.c
>@@ -216,7 +216,7 @@
> 		    authctxt->user);
> 
> 	/* Special handling for root */
>-	if (authenticated && authctxt->pw->pw_uid == 0 &&
>+	if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
> 	    !auth_root_allowed(method)) {
> 		authenticated = 0;
> #ifdef SSH_AUDIT_EVENTS
>--- session.c.orig	2005-08-31 11:59:49.000000000 -0500
>+++ session.c
>@@ -331,7 +331,7 @@
> 				break;
> 			}
> 			debug("Received TCP/IP port forwarding request.");
>-			channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports);
>+			channel_input_port_forward_request(s->pw->pw_uid == ROOTUID, options.gateway_ports);
> 			success = 1;
> 			break;
> 
>@@ -930,7 +930,7 @@
> 	if (tmpenv == NULL)
> 		return;
> 
>-	if (uid == 0)
>+	if (uid == ROOTUID)
> 		var = child_get_env(tmpenv, "SUPATH");
> 	else
> 		var = child_get_env(tmpenv, "PATH");
>@@ -1036,7 +1036,7 @@
> #  endif /* HAVE_ETC_DEFAULT_LOGIN */
> 		if (path == NULL || *path == '\0') {
> 			child_set_env(&env, &envsize, "PATH",
>-			    s->pw->pw_uid == 0 ?
>+			    s->pw->pw_uid == ROOTUID ?
> 				SUPERUSER_PATH : _PATH_STDPATH);
> 		}
> # endif /* HAVE_CYGWIN */
>@@ -2052,7 +2066,7 @@
> 		record_logout(s->pid, s->tty, s->pw->pw_name);
> 
> 	/* Release the pseudo-tty. */
>-	if (getuid() == 0)
>+	if (getuid() == ROOTUID)
> 		pty_release(s->tty);
> 
> 	/*
>--- sshpty.c.orig	2004-06-21 22:56:02.000000000 -0400
>+++ sshpty.c
>@@ -62,7 +62,7 @@ pty_allocate(int *ptyfd, int *ttyfd, cha
> void
> pty_release(const char *tty)
> {
>-	if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
>+	if (chown(tty, (uid_t) ROOTUID, (gid_t) ROOTGID) < 0)
> 		error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
> 	if (chmod(tty, (mode_t) 0666) < 0)
> 		error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
>@@ -203,7 +203,7 @@ pty_setowner(struct passwd *pw, const ch
> 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
> 		if (chown(tty, pw->pw_uid, gid) < 0) {
> 			if (errno == EROFS &&
>-			    (st.st_uid == pw->pw_uid || st.st_uid == 0))
>+			    (st.st_uid == pw->pw_uid || st.st_uid == ROOTUID))
> 				debug("chown(%.100s, %u, %u) failed: %.100s",
> 				    tty, (u_int)pw->pw_uid, (u_int)gid,
> 				    strerror(errno));
>--- uidswap.c.orig	2005-02-22 01:57:13.000000000 -0500
>+++ uidswap.c
>@@ -57,13 +57,13 @@ temporarily_use_uid(struct passwd *pw)
> 	    (u_int)pw->pw_uid, (u_int)pw->pw_gid,
> 	    (u_int)saved_euid, (u_int)saved_egid);
> #ifndef HAVE_CYGWIN
>-	if (saved_euid != 0) {
>+	if (saved_euid != ROOTUID) {
> 		privileged = 0;
> 		return;
> 	}
> #endif
> #else
>-	if (geteuid() != 0) {
>+	if (geteuid() != ROOTUID) {
> 		privileged = 0;
> 		return;
> 	}
>--- sshd.c.orig	2005-07-26 06:54:56.000000000 -0500
>+++ sshd.c
>@@ -617,7 +622,7 @@
> 		close(pmonitor->m_sendfd);
> 
> 		/* Demote the child */
>-		if (getuid() == 0 || geteuid() == 0)
>+		if (getuid() == ROOTUID || geteuid() == ROOTUID)
> 			privsep_preauth_child();
> 		setproctitle("%s", "[net]");
> 	}
>@@ -630,7 +635,7 @@
> #ifdef DISABLE_FD_PASSING
> 	if (1) {
> #else
>-	if (authctxt->pw->pw_uid == 0 || options.use_login) {
>+	if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
> #endif
> 		/* File descriptor passing is broken or root login */
> 		monitor_apply_keystate(pmonitor);
>@@ -911,7 +916,7 @@
> 	av = saved_argv;
> #endif
> 
>-	if (geteuid() == 0 && setgroups(0, NULL) == -1)
>+	if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
> 		debug("setgroups(): %.200s", strerror(errno));
> 
> 	/* Initialize configuration options to their default values. */
>@@ -1168,7 +1173,7 @@
> 		    (st.st_uid != getuid () ||
> 		    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
> #else
>-		if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
>+		if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
> #endif
> 			fatal("%s must be owned by root and not group or "
> 			    "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);

Actions: View | Diff

Attachments on bug 1114: 1022 | 1026