
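--- a/openssh-5.5p1.orig/auth-passwd.c
+++ b/openssh-5.5p1.orig/auth-passwd.c
@@ -53,6 +53,12 @@
 #include "hostfile.h"
 #include "auth.h"
 #include "auth-options.h"
+#include "misc.h"
+
+#ifdef __INTERIX
+# include <interix/security.h>
+extern char* InterixPwdToken;
+#endif
 
 extern Buffer loginmsg;
 extern ServerOptions options;
@@ -111,6 +117,14 @@
 		return ok;
 	}
 #endif
+#ifdef __INTERIX
+	if(setuser(authctxt->user, password, SU_CHECK) == 0) {
+		InterixPwdToken = xstrdup(password);
+		return ok;
+	} else {
+		return 0;
+	}
+#endif
 #ifdef USE_PAM
 	if (options.use_pam)
 		return (sshpam_auth_passwd(authctxt, password) && ok);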
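Review bot: The `__INTERIX` branch in the second hunk keeps the cleartext password in the global `InterixPwdToken` whenever `setuser(..., SU_CHECK)` succeeds, even when `ok` is 0, and a later call overwrites the pointer without scrubbing or freeing the previous copy. That leaves password copies on the heap which the wipe added to session.c by this patch never reaches. Store the token only for a login that will be accepted, e.g. `if (ok && InterixPwdToken == NULL) InterixPwdToken = xstrdup(password);`. The early `return ok;` also skips every check that follows in this function, whose body starts and ends outside the hunk, so a comment should state that this ordering is intended.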
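--- a/openssh-5.5p1.orig/auth.c
+++ b/openssh-5.5p1.orig/auth.c
@@ -541,6 +541,28 @@
 
 	pw = getpwnam(user);
 
+#ifdef __INTERIX
+    /* on windows, if there is no such user in the principal domain
+	 * (which is checked by default), we also have a look at the
+	 * local accounts by prefixing the username with the hostname
+	 */
+	if (pw == NULL) {
+		char *tmp = xmalloc(MAXHOSTNAMELEN + strlen(user) + 2);
+
+		if(gethostname(tmp, MAXHOSTNAMELEN) == 0) {
+			strcat(tmp, "+");
+			strcat(tmp, user);
+
+			pw = getpwnam(tmp);
+
+			if(pw)
+				debug2("found local %s as fallback for principal domain", tmp);
+		}
+
+        xfree(tmp);
+	}
+#endif /* __INTERIX */
+
 #if defined(_AIX) && defined(HAVE_SETAUTHDB)
 	aix_restoreauthdb();
 #endif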
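Review bot: `gethostname(tmp, MAXHOSTNAMELEN)` is not guaranteed to NUL-terminate `tmp` when the host name fills the buffer, and the two `strcat()` calls that follow then append to an unterminated string in memory that came from `xmalloc()`. Terminate explicitly before appending, `tmp[MAXHOSTNAMELEN - 1] = '\0';`, or build the name with a single bounded `snprintf()`. The fallback also means that a name missing from the principal domain silently resolves to a local account of the same name; a comment saying this is intended, and a log level above `debug2` for the fallback hit, would let operators audit which account a login was mapped to. The enclosing function starts and ends outside the hunk.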
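--- a/openssh-5.5p1.orig/configure.ac
+++ b/openssh-5.5p1.orig/configure.ac
@@ -448,6 +448,24 @@
 		file descriptor passing])
 	AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
 	;;
+*-*-interix*)
+	AC_DEFINE(MISSING_HOWMANY, 1, [howmany macro is missing])
+	AC_DEFINE(DISABLE_LOGIN, 1,
+		[Define if you don't want to use your system's login() call])
+	AC_DEFINE(DISABLE_SHADOW, 1,
+	    [Define if you want to disable shadow passwords])
+	AC_DEFINE(IP_TOS_IS_BROKEN, 1,
+	    [Define if your system choked on IP TOS setting])
+	AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
+	    [Define if the concept of ports only accessible to
+		superusers isn't known])
+	AC_DEFINE(DISABLE_FD_PASSING, 1,
+		[Define if your platform needs to skip post auth
+		file descriptor passing])
+	AC_DEFINE(LOGIN_NO_ENDOPT, 1,
+	    [Define if your login program cannot handle end of options ("--")])
+	SSHDLIBS="$SSHDLIBS -lcrypt"
+	;;
 *-*-dgux*)
 	AC_DEFINE(IP_TOS_IS_BROKEN, 1,
 		[Define if your system choked on IP TOS setting])
@@ -1562,6 +1580,13 @@
 dnl    Checks for lastlog functions
 AC_CHECK_FUNCS(getlastlogxbyname)
 
+dnl    Checks for res_query function
+AC_CHECK_FUNC(res_query,
+    [AC_DEFINE(HAVE_RES_QUERY, 1, [Define if your system has res_query()])],
+    [AC_CHECK_LIB(resolv, res_query,
+        [LIBS="$LIBS -lresolv"; AC_DEFINE(HAVE_RES_QUERY)])]
+)
+
 AC_CHECK_FUNC(daemon,
 	[AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
 	[AC_CHECK_LIB(bsd, daemon,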
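Review bot: The `res_query` probe added in the second hunk is not limited to the `*-*-interix*` case, so it decides `HAVE_RES_QUERY` for every platform, and openbsd-compat/getrrsetbyname.c in this patch returns `ERRSET_FAIL` whenever that macro is undefined. On systems where `res_query` is only reachable through a macro in `<resolv.h>`, a plain `AC_CHECK_FUNC`/`AC_CHECK_LIB` link test may fail although the resolver works, which would silently disable every DNS lookup that goes through `getrrsetbyname()` there. Either run the probe with `<resolv.h>` included or select the no-resolver stub only inside the interix branch. In the first hunk, `LOGIN_NO_ENDOPT` presumably drops the `--` in front of the user name handed to login, so a comment noting how option-like user names are rejected on this platform would be useful.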
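--- a/openssh-5.5p1.orig/defines.h
+++ b/openssh-5.5p1.orig/defines.h
@@ -732,7 +732,11 @@
 #endif
 
 #ifndef IOV_MAX
-# if defined(_XOPEN_IOV_MAX)
+# ifdef __INTERIX
+   // Interix: has _XOPEN_IOV_MAX = INT_MAX which breaks
+   // the compilation, since an iovec array of INT_MAX is too large
+#  define	IOV_MAX		_SC_IOV_MAX
+# elif defined(_XOPEN_IOV_MAX)
 #  define	IOV_MAX		_XOPEN_IOV_MAX
 # elif defined(DEF_IOV_MAX)
 #  define	IOV_MAX		DEF_IOV_MAX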
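Review bot: `_SC_IOV_MAX` is the selector passed to `sysconf()`, not the limit itself, so `#  define IOV_MAX _SC_IOV_MAX` makes `IOV_MAX` whatever small integer the platform assigns to that selector. Any iovec array or bound sized from `IOV_MAX` then gets a length unrelated to what the system actually accepts. A fixed conservative value is safer here, for example `#  define IOV_MAX 16`, which is the minimum POSIX allows for `_XOPEN_IOV_MAX`. The two `//` comments would also be better as `/* */` to match the rest of the header.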
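--- a/openssh-5.5p1.orig/hostfile.c
+++ b/openssh-5.5p1.orig/hostfile.c
@@ -45,7 +45,9 @@
 #include <openssl/hmac.h>
 #include <openssl/sha.h>
 
-#include <resolv.h>
+#ifndef __INTERIX
+# include <resolv.h>
+#endif
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>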
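--- a/openssh-5.5p1.orig/openbsd-compat/bsd-misc.h
+++ b/openssh-5.5p1.orig/openbsd-compat/bsd-misc.h
@@ -68,12 +68,14 @@
 #endif /* HAVE_TRUNCATE */
 
 #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
+#ifndef __INTERIX
 #ifndef HAVE_STRUCT_TIMESPEC
 struct timespec {
 	time_t	tv_sec;
 	long	tv_nsec;
 };
 #endif
+#endif
 int nanosleep(const struct timespec *, struct timespec *);
 #endif
 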
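--- a/openssh-5.5p1.orig/openbsd-compat/getrrsetbyname.c
+++ b/openssh-5.5p1.orig/openbsd-compat/getrrsetbyname.c
@@ -61,6 +61,10 @@
 extern int h_errno;
 #endif
 
+/* on interix, all this stuff won't work that easy
+ * so we skip it for now. */
+#ifndef __INTERIX
+
 /* We don't need multithread support here */
 #ifdef _THREAD_PRIVATE
 # undef _THREAD_PRIVATE
@@ -182,11 +186,16 @@
 
 static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t);
 
+#endif /* __INTERIX */
+
 int
 getrrsetbyname(const char *hostname, unsigned int rdclass,
     unsigned int rdtype, unsigned int flags,
     struct rrsetinfo **res)
 {
+#ifndef HAVE_RES_QUERY
+	return (ERRSET_FAIL);
+#else
 	struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res);
 	int result;
 	struct rrsetinfo *rrset = NULL;
@@ -343,6 +352,7 @@
 	if (response != NULL)
 		free_dns_response(response);
 	return (result);
+#endif /* HAVE_RES_QUERY */
 }
 
 void
@@ -376,6 +386,8 @@
 	free(rrset);
 }
 
+#ifndef __INTERIX
+
 /*
  * DNS response parsing routines
  */
@@ -607,4 +619,6 @@
 	return (n);
 }
 
+#endif /* __INTERIX */
+
 #endif /* !defined(HAVE_GETRRSETBYNAME) */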
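Review bot: The declarations and parsing helpers are compiled out with `#ifndef __INTERIX`, while the body of `getrrsetbyname()` is selected by `HAVE_RES_QUERY`, and nothing ties the two conditions together. If configure ever finds `res_query` on Interix, the `#else` branch uses `_THREAD_PRIVATE` and the response-parsing routines that the `__INTERIX` guards removed from the build; on any other platform without `res_query` the parsing code is built but unreachable. Guarding both regions with the same test, `#ifdef HAVE_RES_QUERY`, keeps them consistent. The stub also returns `ERRSET_FAIL` without assigning `*res`, which is worth stating in a comment so that callers do not assume an initialised result.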
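--- a/openssh-5.5p1.orig/openbsd-compat/getrrsetbyname.h
+++ b/openssh-5.5p1.orig/openbsd-compat/getrrsetbyname.h
@@ -54,9 +54,11 @@
 
 #include <sys/types.h>
 #include <netinet/in.h>
-#include <arpa/nameser.h>
+#ifndef __INTERIX
+# include <arpa/nameser.h>
+# include <resolv.h>
+#endif
 #include <netdb.h>
-#include <resolv.h>
 
 #ifndef HFIXEDSZ
 #define HFIXEDSZ 12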
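--- a/openssh-5.5p1.orig/openbsd-compat/inet_ntop.c
+++ b/openssh-5.5p1.orig/openbsd-compat/inet_ntop.c
@@ -27,7 +27,9 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
-#include <arpa/nameser.h>
+#ifndef __INTERIX
+# include <arpa/nameser.h>
+#endif
 #include <string.h>
 #include <errno.h>
 #include <stdio.h>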
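--- a/openssh-5.5p1.orig/session.c
+++ b/openssh-5.5p1.orig/session.c
@@ -91,6 +91,27 @@
 #include "monitor_wrap.h"
 #include "sftp.h"
 
+#ifdef __INTERIX
+# include <interix/env.h>
+# include <interix/security.h>
+char* InterixPwdToken = NULL;
+
+#define INTERIX_PWD_WARNING \
+    "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" \
+    "@ WARNING: Due to limitations in the POSIX Subsystem and Win32  @\n" \
+    "@     a Password is required to acquire a full authentication.  @\n" \
+    "@     Without such an authentication token, certain things will @\n" \
+    "@     only be available in a very limited way (Visual Studio's  @\n" \
+    "@     link.exe can only link without debug information, network @\n" \
+    "@     shares that require user authentication don't fully work, @\n" \
+    "@     etc.). However if you don't require those things to work, @\n" \
+    "@     you may be just fine without password (public-key, etc.). @\n" \
+    "@ To obtain a full authentication you need to use password      @\n" \
+    "@ authentication at the moment. To do so, remove your public    @\n" \
+    "@ key from your ~/.ssh/authorized_keys[2] file(s).              @\n" \
+    "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n"
+#endif
+
 #if defined(KRB5) && defined(USE_AFS)
 #include <kafs.h>
 #endif
@@ -1142,6 +1163,17 @@
 	}
 #endif
 
+#ifdef __INTERIX
+	{
+		/* new stuff: create a full windows login environment */
+		struct passwd* fullpw = getpwuid_ex(pw->pw_uid, PW_FULLNAME);
+		env_t* w_env = env_login(fullpw);
+		
+		copy_environment(env_array(w_env), &env, &envsize);
+		env_free(w_env);
+	}
+#endif
+
 #ifdef GSSAPI
 	/* Allow any GSSAPI methods that we've used to alter
 	 * the childs environment as they see fit
@@ -1504,11 +1536,13 @@
 			perror("setgid");
 			exit(1);
 		}
+#ifndef __INTERIX
 		/* Initialize the group list. */
 		if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
 			perror("initgroups");
 			exit(1);
 		}
+#endif
 		endgrent();
 # ifdef USE_PAM
 		/*
@@ -1572,8 +1606,29 @@
 			exit(1);
 		}
 #else
+#ifdef __INTERIX
+		/* on interix, to get a full env, we _need_ the plain text
+		 * password during this! */
+		if(InterixPwdToken) {
+			debug2("re-setting user password");
+			strcpy(pw->pw_passwd, InterixPwdToken);
+		} else {
+			fprintf(stderr, INTERIX_PWD_WARNING);
+		}
+#endif
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);
+
+#ifdef __INTERIX
+		/* after authentication, wipe out the memorized password
+		 * for increased security (tm) */
+		if(InterixPwdToken) {
+			memset(InterixPwdToken, 0, strlen(InterixPwdToken));
+			memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+			strcpy(pw->pw_passwd, "*");
+			debug2("wiped password from memory");
+		}
+#endif
 #endif
 	}
 
@@ -1607,6 +1662,13 @@
 launch_login(struct passwd *pw, const char *hostname)
 {
 	/* Launch login(1). */
+	#ifdef __INTERIX
+	/* -f only works if the user is already autheticated as the requested user */
+	if (!InterixPwdToken)
+		fprintf(stderr, INTERIX_PWD_WARNING);
+	if (setuser(pw->pw_name, InterixPwdToken, SU_COMPLETE))
+		fatal("setuser %.100s: %.100s", pw->pw_name, strerror(errno));
+	#endif
 
 	execl(LOGIN_PROGRAM, "login", "-h", hostname,
 #ifdef xxxLOGIN_NEEDS_TERM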
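Review bot: In the fourth hunk `strcpy(pw->pw_passwd, InterixPwdToken);` writes the user-supplied password into whatever buffer currently backs `pw->pw_passwd` with no length check, so a password longer than the stored field overruns that buffer. If `pw` is a private heap copy (not visible in this hunk, please confirm), replace the field instead of copying into it: `xfree(pw->pw_passwd); pw->pw_passwd = xstrdup(InterixPwdToken);`. The wipe after `permanently_set_uid(pw)` zeroes the token but never frees `InterixPwdToken` or resets it to NULL, so later `if (InterixPwdToken)` tests still succeed on an emptied string. The enclosing functions start and end outside the hunks.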
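--- a/openssh-5.5p1.orig/sshd.c
+++ b/openssh-5.5p1.orig/sshd.c
@@ -137,6 +137,10 @@
 #define REEXEC_CONFIG_PASS_FD		(STDERR_FILENO + 3)
 #define REEXEC_MIN_FREE_FD		(STDERR_FILENO + 4)
 
+#ifdef __INTERIX
+# include <interix/security.h>
+#endif
+
 extern char *__progname;
 
 /* Server configuration options. */
@@ -236,7 +240,11 @@
 int startup_pipe;		/* in child */
 
 /* variables used for privilege separation */
+#ifdef __INTERIX
+int use_privsep = 0;
+#else
 int use_privsep = -1;
+#endif
 struct monitor *pmonitor = NULL;
 
 /* global authentication context */
@@ -613,8 +621,10 @@
 	do_setusercontext(privsep_pw);
 #else
 	gidset[0] = privsep_pw->pw_gid;
+#ifndef __INTERIX
 	if (setgroups(1, gidset) < 0)
 		fatal("setgroups: %.100s", strerror(errno));
+#endif
 	permanently_set_uid(privsep_pw);
 #endif
 }
@@ -1310,8 +1320,10 @@
 	av = saved_argv;
 #endif
 
+#ifndef __INTERIX
 	if (geteuid() == 0 && setgroups(0, NULL) == -1)
 		debug("setgroups(): %.200s", strerror(errno));
+#endif
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
@@ -1532,6 +1544,29 @@
 
 	debug("sshd version %.100s", SSH_RELEASE);
 
+#ifdef __INTERIX
+	/* on interix >= 6, there is a problem is sshd is started from init:
+	 * even though the process runs as "Administrator", it seems that
+	 * the authentication token is pretty much stripped down, so it is
+	 * not possible for the process to impersonate another user.
+	 * impersonating ourself works around the problem by creating a full
+	 * authetication token for the current user (Administrator...), which
+	 * then is allowed to set uid/gid of any other user as normal. */
+	if(getuid() == 0) {
+		struct passwd* _admin = getpwuid(getuid());
+
+		if(!_admin) {
+			fatal("Cannot retrieve user information for current user!\n");
+		}
+
+		debug3("impersonating %s to upgrade authentication token\n", _admin->pw_name);
+
+		if(setuser(_admin->pw_name, NULL, SU_COMPLETE) != 0) {
+			fatal("Cannot obtain full authentication for current user: %s\n", strerror(errno));
+		}
+	}
+#endif
+
 	/* Store privilege separation user for later use if required. */
 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
 		if (use_privsep || options.kerberos_authentication)
@@ -1688,8 +1723,10 @@
 	 * to create a file, and we can't control the code in every
 	 * module which might be used).
 	 */
+#ifndef __INTERIX
 	if (setgroups(0, NULL) < 0)
 		debug("setgroups() failed: %.200s", strerror(errno));
+#endif
 
 	if (rexec_flag) {
 		rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));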
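Review bot: Privilege separation appears to end up off by default on Interix, because the second hunk initialises `use_privsep` to 0 with no comment; if the unchanged `-1` means "not configured, apply the default", the default is never applied there. Together with the cleartext `InterixPwdToken` that this patch keeps in the server process, that would put pre-authentication network parsing in the same fully privileged process as the password. Please document the reason next to the initializer, e.g. `/* Interix: privsep off by default because <reason> */`, and log at startup when sshd runs without it. In the fifth hunk the `fatal()` and `debug3()` format strings end in `\n`, which the other log calls visible in this file do not use.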
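--- a/openssh-5.5p1.orig/uidswap.c
+++ b/openssh-5.5p1.orig/uidswap.c
@@ -14,6 +14,10 @@
 
 #include "includes.h"
 
+#ifdef __INTERIX
+# include <interix/security.h>
+#endif
+
 #include <sys/param.h>
 #include <errno.h>
 #include <pwd.h>
@@ -81,6 +85,7 @@
 	privileged = 1;
 	temporarily_use_uid_effective = 1;
 
+#ifndef __INTERIX
 	saved_egroupslen = getgroups(0, NULL);
 	if (saved_egroupslen < 0)
 		fatal("getgroups: %.100s", strerror(errno));
@@ -116,6 +121,7 @@
 	/* Set the effective uid to the given (unprivileged) uid. */
 	if (setgroups(user_groupslen, user_groups) < 0)
 		fatal("setgroups: %.100s", strerror(errno));
+#endif
 #ifndef SAVED_IDS_WORK_WITH_SETEUID
 	/* Propagate the privileged gid to all of our gids. */
 	if (setgid(getegid()) < 0)
@@ -153,7 +159,7 @@
 		fatal("setuid %u: %.100s", (u_int)uid, strerror(errno));
 #endif
 
-#ifndef HAVE_CYGWIN
+#if !defined(HAVE_CYGWIN) && !defined(__INTERIX)
 	/* Try restoration of UID if changed (test clearing of saved uid) */
 	if (old_uid != uid &&
 	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
@@ -198,8 +204,10 @@
 	setgid(getgid());
 #endif /* SAVED_IDS_WORK_WITH_SETEUID */
 
+#ifndef __INTERIX
 	if (setgroups(saved_egroupslen, saved_egroups) < 0)
 		fatal("setgroups: %.100s", strerror(errno));
+#endif
 	temporarily_use_uid_effective = 0;
 }
 
@@ -220,6 +228,15 @@
 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
 
+#ifdef __INTERIX
+	if (strcmp(pw->pw_passwd, "*") == 0) {
+		if (setuser(pw->pw_name, NULL, SU_COMPLETE))
+			fatal("setuser %.100s: %.100s", pw->pw_name, strerror(errno));
+	} else {
+		if (setuser(pw->pw_name, pw->pw_passwd, SU_COMPLETE))
+			fatal("setuser %.100s: %.100s", pw->pw_name, strerror(errno));
+	}
+#else
 #if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
 	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
 		fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
@@ -257,8 +274,9 @@
 	if (setuid(pw->pw_uid) < 0)
 		fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 #endif
+#endif /* __INTERIX */
 
-#ifndef HAVE_CYGWIN
+#if !defined(HAVE_CYGWIN) && !defined(__INTERIX)
 	/* Try restoration of GID if changed (test clearing of saved gid) */
 	if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
 	    (setgid(old_gid) != -1 || setegid(old_gid) != -1))
@@ -272,7 +290,7 @@
 		    (u_int)pw->pw_gid);
 	}
 
-#ifndef HAVE_CYGWIN
+#if !defined(HAVE_CYGWIN) && !defined(__INTERIX)
 	/* Try restoration of UID if changed (test clearing of saved uid) */
 	if (old_uid != pw->pw_uid &&
 	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))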
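Review bot: In the sixth hunk the code decides whether a cleartext password is available by comparing `pw->pw_passwd` with `"*"`, so any other content of that field, including whatever the account database returned for a login that never supplied a password, is handed to `setuser()` as the credential. Pass the credential explicitly or use a dedicated flag rather than an in-band sentinel; at minimum the two identical branches can be one call, `setuser(pw->pw_name, strcmp(pw->pw_passwd, "*") == 0 ? NULL : pw->pw_passwd, SU_COMPLETE)`. The fourth, seventh and eighth hunks also compile out the "Try restoration" checks for `__INTERIX`, so in the visible code nothing tests on this platform that the old uid or gid cannot be regained after `setuser()`; a comment explaining why the test cannot work there is needed. The function bodies start and end outside the hunks.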
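--- a/openssh-5.5p1.orig/uuencode.c
+++ b/openssh-5.5p1.orig/uuencode.c
@@ -27,7 +27,9 @@
 
 #include <sys/types.h>
 #include <netinet/in.h>
-#include <resolv.h>
+#ifndef __INTERIX
+# include <resolv.h>
+#endif
 #include <stdio.h>
 
 #include "xmalloc.h"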
