[PATCH] Two Cygwin related patches

Corinna Vinschen vinschen at redhat.com
Sat Nov 9 20:32:16 EST 2002


Hi,

the attached patch file contains two patches in one:

- contrib/cygwin/ssh-host-config: Create sshd_config according to latest
  changes.

- openbsd-compat/bsd-cygwin_util.c: Rewrite a bit to allow easier retrieval
  of Cygwin capabilities from version number (uname).  For Cygwin versions
  beginning with API minor version 56 assume ntsec being on by default.

Thanks in advance for applying this patch,
Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
-------------- next part --------------
Index: contrib/cygwin/ssh-host-config
===================================================================
RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v
retrieving revision 1.9
diff -u -p -r1.9 ssh-host-config
--- contrib/cygwin/ssh-host-config	10 Jul 2002 14:40:12 -0000	1.9
+++ contrib/cygwin/ssh-host-config	9 Nov 2002 09:25:09 -0000
@@ -378,6 +378,8 @@ then
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
 # possible, but leave them commented.  Uncommented options change a
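Review bot: The added line `# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin` is a fixed string in the script, so the generated sshd_config will state this PATH even if the installed sshd was built with a different default. Nothing visible in the hunk ties the value to the build, so a comment in the script next to this line, such as `# keep in step with the default PATH the package is configured with`, would stop it going stale unnoticed. The surrounding template text starts and ends outside the hunk.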
@@ -394,7 +396,7 @@ Port $port_number
 #HostKey ${SYSCONFDIR}/ssh_host_rsa_key
 #HostKey ${SYSCONFDIR}/ssh_host_dsa_key
 
-# Lifetime and size of ephemeral version 1 server ke
+# Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 3600
 #ServerKeyBits 768
 
@@ -405,7 +407,7 @@ Port $port_number
 
 # Authentication:
 
-#LoginGraceTime 600
+#LoginGraceTime 120
 #PermitRootLogin yes
 # The following setting overrides permission checks on host key files
 # and directories. For security reasons set this to "yes" when running
@@ -414,11 +416,11 @@ StrictModes no
 
 #RSAAuthentication yes
 #PubkeyAuthentication yes
-#AuthorizedKeysFile     %h/.ssh/authorized_keys
+#AuthorizedKeysFile     .ssh/authorized_keys
 
 # rhosts authentication should not be used
 #RhostsAuthentication no
-# Don't read ~/.rhosts and ~/.shosts files
+# Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
 #RhostsRSAAuthentication no
@@ -443,6 +445,7 @@ StrictModes no
 #KeepAlive yes
 #UseLogin no
 UsePrivilegeSeparation $privsep_used
+#PermitUserEnvironment no
 #Compression yes
 
 #MaxStartups 10
Index: openbsd-compat/bsd-cygwin_util.c
===================================================================
RCS file: /cvs/openssh_cvs/openbsd-compat/bsd-cygwin_util.c,v
retrieving revision 1.8
diff -u -p -r1.8 bsd-cygwin_util.c
--- openbsd-compat/bsd-cygwin_util.c	15 Apr 2002 22:00:52 -0000	1.8
+++ openbsd-compat/bsd-cygwin_util.c	9 Nov 2002 09:25:09 -0000
@@ -43,6 +43,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.8 2002
 #define is_winnt       (GetVersion() < 0x80000000)
 
 #define ntsec_on(c)	((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
+#define ntsec_off(c)	((c) && strstr((c),"nontsec"))
 #define ntea_on(c)	((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
 
 #if defined(open) && open == binary_open
@@ -74,6 +75,56 @@ int binary_pipe(int fd[2])
 	return ret;
 }
 
+#define HAS_CREATE_TOKEN 1
+#define HAS_NTSEC_BY_DEFAULT 2
+
+static int has_capability(int what)
+{
+	/* has_capability() basically calls uname() and checks if
+	   specific capabilities of Cygwin can be evaluated from that.
+	   This simplifies the calling functions which only have to ask
+	   for a capability using has_capability() instead of having
+	   to figure that out by themselves. */
+	static int inited;
+	static int has_create_token;
+	static int has_ntsec_by_default;
+
+	if (!inited) {
+		struct utsname uts;
+		char *c;
+		
+		if (!uname(&uts)) {
+			int major_high = 0;
+			int major_low = 0;
+			int minor = 0;
+			int api_major_version = 0;
+			int api_minor_version = 0;
+			char *c;
+
+			sscanf(uts.release, "%d.%d.%d", &major_high,
+			       &major_low, &minor);
+			c = strchr(uts.release, '(');
+			if (c)
+				sscanf(c + 1, "%d.%d", &api_major_version,
+				       &api_minor_version);
+			if (major_high > 1 ||
+			    (major_high == 1 && (major_low > 3 ||
+			     (major_low == 3 && minor >= 2))))
+				has_create_token = 1;
+			if (api_major_version > 0 || api_minor_version >= 56)
+				has_ntsec_by_default = 1;
+			inited = 1;
+		}
+	}
+	switch (what) {
+	case HAS_CREATE_TOKEN:
+		return has_create_token;
+	case HAS_NTSEC_BY_DEFAULT:
+		return has_ntsec_by_default;
+	}
+	return 0;
+}
+
 int check_nt_auth(int pwd_authenticated, struct passwd *pw)
 {
 	/*
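Review bot: The outer `char *c;` declared at the top of the `if (!inited)` block is never used and is shadowed by the second `char *c;` inside the `if (!uname(&uts))` branch; the outer declaration should be dropped. Both `sscanf` results are ignored, which is safe only because every field starts at 0, so an unparsable `uts.release` reports no capability; a comment such as `/* unparsed fields stay 0, so a malformed release string grants nothing */` would keep a later edit from turning that into a fail-open default. `inited` is set only when `uname()` succeeds, so a failing call is retried on every lookup, and the `switch (what)` relies on the trailing `return 0;` instead of a `default:` case; both are worth stating in the comment, which would read better above the function than inside its body. The trailing context lines of this hunk belong to check_nt_auth, whose body continues outside the hunk.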
@@ -93,19 +144,14 @@ int check_nt_auth(int pwd_authenticated,
 		return 0;
 	if (is_winnt) {
 		if (has_create_token < 0) {
-			struct utsname uts;
-		        int major_high = 0, major_low = 0, minor = 0;
 			char *cygwin = getenv("CYGWIN");
 
 			has_create_token = 0;
-			if (ntsec_on(cygwin) && !uname(&uts)) {
-				sscanf(uts.release, "%d.%d.%d",
-				       &major_high, &major_low, &minor);
-				if (major_high > 1 ||
-				    (major_high == 1 && (major_low > 3 ||
-				     (major_low == 3 && minor >= 2))))
-					has_create_token = 1;
-			}
+			if (has_capability(HAS_CREATE_TOKEN) &&
+			    (ntsec_on(cygwin) ||
+			     (has_capability(HAS_NTSEC_BY_DEFAULT) &&
+			      !ntsec_off(cygwin))))
+				has_create_token = 1;
 		}
 		if (has_create_token < 1 &&
 		    !pwd_authenticated && geteuid() != pw->pw_uid)
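Review bot: The ntsec predicate `ntsec_on(cygwin) || (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin))` is written out here and again in the check_ntsec hunk, so the authentication decision and the file-permission decision can drift apart; one macro, e.g. `#define ntsec_enabled(c) (ntsec_on(c) || (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(c)))`, would keep them identical. With this change an unset CYGWIN variable yields `has_create_token = 1` when the release string reports API minor version 56 or later, which appears to relax the `!pwd_authenticated && geteuid() != pw->pw_uid` test that follows, so the comment above the test should say that the default now comes from the uname release string. The variable tested with `< 0` here shares its name with the 0/1 static inside has_capability; its declaration is outside the hunk, and a distinct name would make the tri-state cache easier to follow. check_nt_auth starts and ends outside the hunk.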
@@ -128,7 +174,9 @@ int check_ntsec(const char *filename)
 	/* Evaluate current CYGWIN settings. */
 	cygwin = getenv("CYGWIN");
 	allow_ntea = ntea_on(cygwin);
-	allow_ntsec = ntsec_on(cygwin);
+	allow_ntsec = ntsec_on(cygwin) ||
+		      (has_capability(HAS_NTSEC_BY_DEFAULT) &&
+		       !ntsec_off(cygwin));
 
 	/*
 	 * `ntea' is an emulation of POSIX attributes. It doesn't support

