- (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>

5 files changed, 84 insertions, 24 deletions

diff --git a/ChangeLog b/ChangeLog
index 507469ab..b298318e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 20000916
+ - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
  - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
    Patch from Larry Jones <larry.jones@sdrc.com>
  - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM 
diff --git a/auth1.c b/auth1.c
index 43faa67f..99639b59 100644
--- a/auth1.c
+++ b/auth1.c
@@ -29,11 +29,6 @@ RCSID("$OpenBSD: auth1.c,v 1.4 2000/09/07 20:27:49 deraadt Exp $");
 # include <siad.h>
 #endif
 
-#ifdef HAVE_CYGWIN
-#include <windows.h>
-#define is_winnt       (GetVersion() < 0x80000000)
-#endif
-
 /* import */
 extern ServerOptions options;
 extern char *forced_command;
@@ -383,16 +378,8 @@ do_authloop(struct passwd * pw)
 		}
 
 #ifdef HAVE_CYGWIN
-		/*
-		 * The only authentication which is able to change the user
-		 * context on NT systems is the password authentication. So
-		 * we deny all requsts for changing the user context if another
-		 * authentication method is used.
-		 * This may change in future when a special openssh
-		 * subauthentication package is available.
-		 */
-		if (is_winnt && type != SSH_CMSG_AUTH_PASSWORD &&
-		    authenticated && geteuid() != pw->pw_uid) {
+		if (authenticated &&
+		    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
 			packet_disconnect("Authentication rejected for uid %d.",
 					  (int) pw->pw_uid);
 			authenticated = 0;
diff --git a/auth2.c b/auth2.c
index 804afd8d..8b0a4bc6 100644
--- a/auth2.c
+++ b/auth2.c
@@ -182,6 +182,15 @@ input_userauth_request(int type, int plen)
 			authenticated =	ssh2_auth_pubkey(pw, service);
 		}
 	}
+
+#ifdef HAVE_CYGWIN
+	if (authenticated && !check_nt_auth(strcmp(method, "password") == 0, pw->pw_uid)) {
+		packet_disconnect("Authentication rejected for uid %d.",
+				  (int) pw->pw_uid);
+		authenticated = 0;
+	}
+#endif
+
 	if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) {
 		authenticated = 0;
 		log("ROOT LOGIN REFUSED FROM %.200s",
@@ -189,8 +198,8 @@ input_userauth_request(int type, int plen)
 	}
 
 #ifdef USE_PAM
-		if (authenticated && !do_pam_account(pw->pw_name, NULL))
-			authenticated = 0;
+	if (authenticated && !do_pam_account(pw->pw_name, NULL))
+		authenticated = 0;
 #endif /* USE_PAM */
 
 	/* Raise logging level */
diff --git a/authfile.c b/authfile.c
index 0a5bae96..66bdc0ef 100644
--- a/authfile.c
+++ b/authfile.c
@@ -479,12 +479,10 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
 	if (fd < 0)
 		return 0;
 
-#ifndef HAVE_CYGWIN
-	/*
-	 * check owner and modes.
-	 * This won't work on Windows under all circumstances so we drop
-	 * that check for now.
-	 */
+	/* check owner and modes.  */
+#ifdef HAVE_CYGWIN
+        if (check_ntsec(filename))
+#endif
 	if (fstat(fd, &st) < 0 ||
 	    (st.st_uid != 0 && st.st_uid != getuid()) ||
 	    (st.st_mode & 077) != 0) {
@@ -497,7 +495,6 @@ load_private_key(const char *filename, const char *passphrase, Key *key,
 		error("It is recommended that your private key files are NOT accessible by others.");
 		return 0;
 	}
-#endif
 	switch (key->type) {
 	case KEY_RSA:
 		if (key->rsa->e != NULL) {
diff --git a/cygwin_util.c b/cygwin_util.c
index 13bd6634..88748c4f 100644
--- a/cygwin_util.c
+++ b/cygwin_util.c
@@ -18,6 +18,10 @@
 #ifdef HAVE_CYGWIN
 #include <fcntl.h>
 #include <io.h>
+#include <stdlib.h>
+#include <sys/vfs.h>
+#include <windows.h>
+#define is_winnt       (GetVersion() < 0x80000000)
 
 int binary_open(const char *filename, int flags, mode_t mode)
 {
@@ -31,5 +35,67 @@ int binary_pipe(int fd[2])
                setmode (fd[0], O_BINARY);
                setmode (fd[1], O_BINARY);
        }
+       return ret;
+}
+
+int check_nt_auth (int pwd_authenticated, uid_t uid)
+{
+	/*
+	 * The only authentication which is able to change the user
+	 * context on NT systems is the password authentication. So
+	 * we deny all requsts for changing the user context if another
+	 * authentication method is used.
+	 * This may change in future when a special openssh
+	 * subauthentication package is available.
+	 */
+	if (is_winnt && !pwd_authenticated && geteuid() != uid)
+		return 0;
+	return 1;
+}
+
+int check_ntsec (const char *filename)
+{
+	char *cygwin;
+	int allow_ntea = 0;
+	int allow_ntsec = 0;
+	struct statfs fsstat;
+
+	/* Windows 95/98/ME don't support file system security at all. */
+	if (!is_winnt)
+		return 0;
+
+	/* Evaluate current CYGWIN settings. */
+	if ((cygwin = getenv("CYGWIN")) != NULL) {
+		if (strstr(cygwin, "ntea") && !strstr(cygwin, "nontea"))
+			allow_ntea = 1;
+		if (strstr(cygwin, "ntsec") && !strstr(cygwin, "nontsec"))
+			allow_ntsec = 1;
+	}
+
+	/*
+	 * `ntea' is an emulation of POSIX attributes. It doesn't support
+	 * real file level security as ntsec on NTFS file systems does
+	 * but it supports FAT filesystems. `ntea' is minimum requirement
+	 * for security checks.
+	 */
+	if (allow_ntea)
+		return 1;
+
+	/*
+	 * Retrieve file system flags. In Cygwin, file system flags are
+	 * copied to f_type which has no meaning in Win32 itself.
+	 */
+	if (statfs(filename, &fsstat))
+		return 1;
+
+	/*
+	 * Only file systems supporting ACLs are able to set permissions.
+	 * `ntsec' is the setting in Cygwin which switches using of NTFS
+	 * ACLs to support POSIX permissions on files.
+	 */
+	if (fsstat.f_type & FS_PERSISTENT_ACLS)
+		return allow_ntsec;
+
+	return 0;
 }
 #endif