Hi Carson...

Here is what I have so far. This is a patch based on 2.5.2p2 with your 
patch. So this is a patch on top of your patch. This patch allows

AuthOrder2 publickey:uidmatch,publickey:password

for the CygWin environment. It also highlights a couple of minor things I 
found in your patch. When you have a 2.9p1 patch I will update this.

Thanks,

...Karl

diff -u -r ./auth2.c /openssh-2.5.2p2/auth2.c
--- ./auth2.c   Sat May  5 13:52:11 2001
+++ /openssh-2.5.2p2/auth2.c    Sat May  5 13:59:52 2001
@@ -186,6 +186,8 @@
        Authorder *ao = NULL;
        char *user, *service, *method, *style = NULL;
        int authenticated = 0;
+       int r;
+       int tempuid;

        if (authctxt == NULL)
                fatal("input_userauth_request: no authctxt");
@@ -259,12 +261,37 @@
                authenticated = 0;
#endif /* USE_PAM */

+       authctxt->partial = 0;
+/* Karl-->Carson: We could change this to a while if we want to let 
matchuid
+                 have subauth methods. */
        if (authenticated && (ao->sub != NULL)) {
                authctxt->partial = 1;
                authenticated = 0;
                lastauth = ao;
+#ifdef HAVE_CYGWIN
+               ao = ao->sub;
+               while (((r = strcmp("matchuid",ao->name)) != 0) && (ao->next != NULL))
+                       ao = ao->next;
+               if ((r == 0) && (getuid() == authctxt->pw->pw_uid)) {
+                       authctxt->partial = 0;
+                       authenticated = 1;
+               }
+#endif
        }

+#ifdef HAVE_CYGWIN
+/* Karl-->Corinna: I have removed the check_nt_calls from everything but
+                  userauth_passwd. I want to make sure that we have a
+                  password if we need it. Is there a better way to do this? */
+       if (authenticated) {
+               tempuid = getuid();
+               setuid(authctxt->pw->pw_uid);
+               if (getuid() != authctxt->pw->pw_uid)
+                       authenticated = 0;
+               setuid(tempuid);
+       }
+#endif
+
        /* Log before sending the reply */
        auth_log(authctxt, authenticated, method, " ssh2");
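Review bot: Both `setuid()` calls in the new HAVE_CYGWIN probe are unchecked, so if `setuid(tempuid)` fails the daemon carries on under the candidate user's identity after what was meant to be a test. Treat a failed restore as fatal, e.g. `if (setuid(tempuid) < 0) fatal("input_userauth_request: cannot restore uid");`, and declare `tempuid` as `uid_t` rather than `int`. This probe replaces the `check_nt_auth()` calls deleted in the later auth2.c hunks, so it deserves a comment stating what a successful `setuid()` is taken to prove. In the matchuid branch above it, `strcmp("matchuid", ao->name)` is case-sensitive while servconf.c accepts the name with `strncasecmp`, so a differently cased entry would pass config validation yet never match here. The function body starts and ends outside the hunk.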

@@ -381,10 +408,6 @@
        if (authctxt->valid == 0)
                return(0);

-#ifdef HAVE_CYGWIN
-       if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
-               return(0);
-#endif
#ifdef USE_PAM
        return auth_pam_password(authctxt->pw, "");
#elif defined(HAVE_OSF_SIA)
@@ -445,10 +468,6 @@
#endif
        xfree(lang);
        xfree(devs);
-#ifdef HAVE_CYGWIN
-       if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
-               return(0);
-#endif
        return authenticated;
}

@@ -551,10 +570,6 @@
        debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
        xfree(pkalg);
        xfree(pkblob);
-#ifdef HAVE_CYGWIN
-       if (check_nt_auth(0, authctxt->pw->pw_uid) == 0)
-               return(0);
-#endif
        return authenticated;
}

@@ -638,7 +653,8 @@
                                        r = 1;
                                } else {
                                        as = ao->sub;
-                                       while ((r = strncmp(as->name, cp, i)) != 0) {
+/* Karl-->Carson: Needs to be case insensitive for the way servconf.c is 
now. */
+                                       while ((r = strncasecmp(as->name, cp, i)) != 
+0) {
                                                if (as->next != NULL) {
                                                        as = as->next;
                                                } else {
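Review bot: `strncasecmp(as->name, cp, i)` compares only the first `i` characters, so a token that is merely a prefix of a method name is accepted as that method. The same applies to the `ao->name` loop in the next hunk and, as far as the visible lines show, to the new `matchuid` branch in servconf.c. Assuming `i` is the token length (it is computed outside the hunk), also require `strlen(as->name) == (size_t)i` before treating the entry as a match. The enclosing loop starts and ends outside this hunk.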
@@ -664,7 +680,8 @@
                                break;
                        case ',':
                                ao = authorder;
-                               while(((r = strncmp(ao->name, cp, i)) != 0) && 
(ao->next != NULL)) {
+/* Karl-->Carson: Needs to be case insensitive for the way servconf.c is 
now. */
+                               while(((r = strncasecmp(ao->name, cp, i)) != 0) && 
+(ao->next != NULL)) 
{
                                        ao = ao->next;
                                }
                                if (r != 0) {
@@ -704,18 +721,39 @@
        }

        as = ao;
+#ifdef HAVE_CYGWIN
+       if (strcmp("matchuid",as->name) != 0)
+#endif
        size = strlen(as->name) + 1;
        while (as->next != NULL) {
                as = as->next;
+#ifdef HAVE_CYGWIN
+               if (strcmp("matchuid",as->name) != 0)
+#endif
                size += strlen(as->name) + 1;
        }
+#ifdef HAVE_CYGWIN
+       if (size == 0)
+               fatal("authmethods_get_new: no authmethods");
+#endif
+/* Karl-->Carson: No need for "size++;" here, is there? */
        size++;                 /* trailing '\0' */
        list = xmalloc(size);
+#ifdef HAVE_CYGWIN
+       if (strcmp("matchuid",ao->name) == 0)
+               ao = ao->next;
+#endif
        strlcpy(list, ao->name, size);
        while(ao->next != NULL) {
                ao = ao->next;
+#ifdef HAVE_CYGWIN
+               if (strcmp("matchuid",ao->name) != 0) {
+#endif
                strlcat(list, DELIM, size);
                strlcat(list, ao->name, size);
+#ifdef HAVE_CYGWIN
+               }
+#endif
        }
        return list;
}
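Review bot: When the first entry is `matchuid`, the guarded `size = strlen(as->name) + 1;` is skipped, and `size` is then read by `size +=` and by the `size == 0` test without having been assigned in the visible code. Unless its declaration (outside the hunk) initialises it, that is an uninitialised read. Set `size = 0;` before the first `#ifdef` and make the guarded statement `size += strlen(as->name) + 1;`. The `size == 0` test is also the only thing keeping `ao = ao->next` from handing NULL to `strlcpy()` when `matchuid` is the sole entry, so it should not rest on an accident of initialisation. The unbraced `if` lines wrapped in `#ifdef` silently govern the next statement; bracing them would make the two build variants easier to compare.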
diff -u -r ./defines.h /openssh-2.5.2p2/defines.h
--- ./defines.h Mon Mar 19 17:49:22 2001
+++ /openssh-2.5.2p2/defines.h  Fri May  4 20:49:04 2001
@@ -436,7 +436,7 @@
  * configure.in sets this for a few OS's which are known to have problems
  * but you may need to set it yourself
  */
-/* #define USE_PIPES 1 */
+#define USE_PIPES 1

/**
  ** login recorder definitions
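Review bot: `#define USE_PIPES 1` is switched on for every platform here, although the rest of the patch is Cygwin-specific and the comment above says configure.in sets it per OS. If Cygwin needs it, guard it as `#ifdef HAVE_CYGWIN` / `#define USE_PIPES 1` / `#endif`, or set it from configure, so other builds keep their current behaviour.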
diff -u -r ./openbsd-compat/strmode.c 
/openssh-2.5.2p2/openbsd-compat/strmode.c
--- ./openbsd-compat/strmode.c  Wed Jan 31 12:52:04 2001
+++ /openssh-2.5.2p2/openbsd-compat/strmode.c   Fri May  4 20:34:46 2001
@@ -42,6 +42,15 @@
#include <sys/stat.h>
#include <string.h>

+#ifdef HAVE_CYGWIN
+#undef S_IXUSR
+#undef S_IXGRP
+#undef S_IXOTH
+#define S_IXUSR 0100
+#define S_IXGRP 0010
+#define S_IXOTH 0001
+#endif
+
void
strmode(mode, p)
        register mode_t mode;
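Review bot: The `#undef`/`#define` block replaces the system definitions of `S_IXUSR`, `S_IXGRP` and `S_IXOTH` without saying why. Add a comment above it stating what is wrong with the Cygwin header values and that the override applies to everything that follows in this translation unit, so a later reader does not remove it or copy it elsewhere blindly. The body of `strmode()` continues outside the hunk.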
diff -u -r ./servconf.c /openssh-2.5.2p2/servconf.c
--- ./servconf.c        Sat May  5 13:52:11 2001
+++ /openssh-2.5.2p2/servconf.c Sat May  5 13:36:09 2001
@@ -759,11 +759,25 @@

                case sAuthOrder:
                        arg = strdelim(&cp);
+/* Karl-->Carson: Should whitespace be removed before processing? */
+/* Karl-->Carson: Perhaps we should just remove whitespace and convert
+                 everything to lowercase to simplify the remaining code
+                 here and in auth2.c? */
+/* Karl-->Carson: These comparisons need to be case insensitive somehow. */
                        if ((strstr(arg,":none") != NULL) || (strstr(arg,"none:") != 
NULL)){
                                fprintf(stderr, "%s line %d: none may not be or have a 
subauth 
method\n",
                                        filename, linenum);
                                exit(1);
                        }
+#ifdef HAVE_CYGWIN
+/* Karl-->Carson: These comparisons need to be case insensitive somehow. */
+                       if ((strncasecmp(arg,"matchuid",8) == 0) || 
+(strstr(arg,",matchuid") != 
NULL) ||
+                           (strstr(arg,"matchuid:") != NULL)){
+                               fprintf(stderr, "%s line %d: matchuid must be and not 
+have a subauth 
method\n",
+                                       filename, linenum);
+                               exit(1);
+                       }
+#endif
                        {
                                int i, match;
                                char *mycp;
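Review bot: `arg` goes straight from `strdelim(&cp)` into `strstr()` and `strncasecmp()` with no check that an argument was present. If `strdelim()` can return NULL or an empty string, reject that first, e.g. `if (arg == NULL || *arg == '\0') { fprintf(stderr, "%s line %d: missing argument\n", filename, linenum); exit(1); }`. The `strstr()` tests for `,matchuid` and `matchuid:` are case-sensitive while the method table below uses `strncasecmp`, so a differently cased spelling slips past this validation; lower-casing `arg` once before all checks would settle both the `none` and the `matchuid` tests. The message `matchuid must be and not have a subauth method` is missing words; `matchuid must be a subauth method and may not have one` reads as intended.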
@@ -778,6 +792,10 @@
                                                match = 1;
                                        } else if 
(strncasecmp(mycp,"keyboard-interactive",i) == 0) {
                                                match = 1;
+#ifdef HAVE_CYGWIN
+                                       } else if (strncasecmp(mycp,"matchuid",i) == 
+0) {
+                                               match = 1;
+#endif
                                        }
                                        if (match == 0) {
                                                mycp[i]='\0';

