[patch/cygwin] SSH_PRIVSEP_USER as function (was Re: SSH_PRIVSEP_USER configurable at runtime?)

Corinna Vinschen vinschen at redhat.com
Thu May 15 21:28:14 EST 2014


On Apr  2 14:44, Corinna Vinschen wrote:
> On Apr  2 13:37, Peter Stuge wrote:
> > Corinna Vinschen wrote:
> > > On non-domain machines the account
> > > name will be "sshd", not "${machine}+sshd".  Except if the admin
> > > specifies that the domain is always prepended, which makes it
> > > "${machine}+sshd" again.  And if the admin specifies the separator char
> > > to be not '+' but, for instance '#', the account name will be
> > > "${machine}#sshd".
> > > 
> > > All that knowledge would have to go into sshd.c.
> > 
> > FWIW I think this is the right solution.
> 
> Hmm.  Come to think of it, SSH_PRIVSEP_USER could be defined as a macro
> calling a function which returns the username.  And configure.ac could
> define SSH_PRIVSEP_USER as, say, cygwin_privsep_user() by default, when
> built for Cygwin so the ugly details could be hidden in bsd-cygwin_util.c.
> 
> The Cygwin changes are still in an early stage of testing, but I'll
> come back to this.

Ok, after some mulling about, I prepared the below patch.  What it does
is this:

- The default replacement string for SSH_PRIVSEP_USER in configure.ac
  is now CYGWIN_SSH_PRIVSEP_USER, if the target is Cygwin.  This can
  still be overridden with --with-privsep-user=FOO.

- openbsd-compat/bsd-cygwin_util.h defines CYGWIN_SSH_PRIVSEP_USER
  as a function call cygwin_ssh_privsep_user().

- openbsd-compat/bsd-cygwin_util.c implements cygwin_ssh_privsep_user().
  The function fills a static buffer with a username fetched by calling
  an internal Cygwin function.  The function fills the buffer with the
  correct username, for instance "DOMAIN+sshd".  If the function fails
  (non-0 return value), the function falls back to the username "sshd".

  I just applied the required functionality to Cygwin's repository:
  https://cygwin.com/viewvc/src/winsup/cygwin/external.cc?r1=1.137&r2=1.138

  It will show up in the next official release 1.7.30.  The below
  patch makes sure that the code also compiles and falls back to the
  username "sshd", if it's getting built under an older version of
  Cygwin.  Additionally, even if built for 1.7.30 and later it will
  still run under an older Cygwin version.

I hope that patch is ok to support the discussed account mapping
functionality.  I tried to implement it as non-intrusive as possible.


Thanks,
Corinna


Index: configure.ac
===================================================================
RCS file: /cvs/openssh/configure.ac,v
retrieving revision 1.573
diff -u -p -r1.573 configure.ac
--- configure.ac	15 May 2014 04:58:08 -0000	1.573
+++ configure.ac	15 May 2014 11:26:21 -0000
@@ -2872,7 +2872,14 @@ if test "x$PAM_MSG" = "xyes" ; then
 	])
 fi
 
-SSH_PRIVSEP_USER=sshd
+case "$host" in
+*-*-cygwin*)
+	SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
+	;;
+*)
+	SSH_PRIVSEP_USER=sshd
+	;;
+esac
 AC_ARG_WITH([privsep-user],
 	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
 	[
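
Review bot: The help string for --with-privsep-user, in the context lines right after the new case block, still reads "Specify non-privileged user for privilege separation" and gives no hint that on *-*-cygwin* the default is no longer the literal sshd but the placeholder CYGWIN_SSH_PRIVSEP_USER, which is resolved at run time. A short comment above the case saying that this value is a C macro name rather than an account name, and that --with-privsep-user=FOO restores a fixed name, would save the next reader a trip to bsd-cygwin_util.h.
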
@@ -2882,8 +2889,13 @@ AC_ARG_WITH([privsep-user],
 		fi
 	]
 )
-AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
-	[non-privileged user for privilege separation])
+if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
+	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
+		[Cygwin function to fetch non-privileged user for privilege separation])
+else
+	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
+		[non-privileged user for privilege separation])
+fi
 AC_SUBST([SSH_PRIVSEP_USER])
 
 if test "x$have_linux_no_new_privs" = "x1" ; then
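
Review bot: AC_SUBST([SSH_PRIVSEP_USER]) directly after the new if/else still exports the shell variable unchanged, so on Cygwin every substituted @SSH_PRIVSEP_USER@ becomes the text CYGWIN_SSH_PRIVSEP_USER instead of an account name. If any generated file or install step uses that substitution as a user name, it needs a separate printable default (for example sshd) for AC_SUBST, keeping the macro name only for the AC_DEFINE. In the Cygwin branch nothing is expanded from the shell, so plain AC_DEFINE would do in place of AC_DEFINE_UNQUOTED.
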
Index: openbsd-compat/bsd-cygwin_util.c
===================================================================
RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
retrieving revision 1.26
diff -u -p -r1.26 bsd-cygwin_util.c
--- openbsd-compat/bsd-cygwin_util.c	1 Jun 2013 22:07:32 -0000	1.26
+++ openbsd-compat/bsd-cygwin_util.c	15 May 2014 11:26:22 -0000
@@ -57,6 +57,22 @@ check_ntsec(const char *filename)
 	return (pathconf(filename, _PC_POSIX_PERMISSIONS));
 }
 
+const char *
+cygwin_ssh_privsep_user()
+{
+  static char cyg_privsep_user[DNLEN + UNLEN + 2];
+
+  if (!cyg_privsep_user[0])
+    {
+#ifdef CW_CYGNAME_FROM_WINNAME
+      if (cygwin_internal (CW_CYGNAME_FROM_WINNAME, "sshd", cyg_privsep_user,
+			   sizeof cyg_privsep_user) != 0)
+#endif
+	strcpy (cyg_privsep_user, "sshd");
+    }
+  return cyg_privsep_user;
+}
+
 #define NL(x) x, (sizeof (x) - 1)
 #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
 
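
Review bot: In cygwin_ssh_privsep_user() the #ifdef wraps only the if condition, so the strcpy line is either the body of that if or an unconditional statement depending on the preprocessor; this is correct but easy to break on a later edit, and an explicit #else branch or braces would make both paths obvious. The code treats a non-zero return from cygwin_internal (CW_CYGNAME_FROM_WINNAME, ...) as failure without saying so; a one-line comment on that convention and on the "sshd" fallback would help. The new function is indented with two spaces in GNU style while the check_ntsec() context above it uses a tab, and the definition should read cygwin_ssh_privsep_user(void).
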
Index: openbsd-compat/bsd-cygwin_util.h
===================================================================
RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.h,v
retrieving revision 1.17
diff -u -p -r1.17 bsd-cygwin_util.h
--- openbsd-compat/bsd-cygwin_util.h	18 Jan 2014 10:04:00 -0000	1.17
+++ openbsd-compat/bsd-cygwin_util.h	15 May 2014 11:26:22 -0000
@@ -39,6 +39,8 @@
 /* Avoid including windows headers. */
 typedef void *HANDLE;
 #define INVALID_HANDLE_VALUE ((HANDLE) -1)
+#define DNLEN 16
+#define UNLEN 256
 
 /* Cygwin functions for which declarations are only available when including
    windows headers, so we have to define them here explicitely. */
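
Review bot: DNLEN and UNLEN are defined unconditionally with hand-copied values and no comment on where 16 and 256 come from. Since they size the static buffer in cygwin_ssh_privsep_user(), please name the Windows header they mirror and wrap them in #ifndef, so that a translation unit which does pull in the Windows headers does not hit a redefinition.
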
@@ -48,6 +50,8 @@ extern void cygwin_set_impersonation_tok
 #include <sys/cygwin.h>
 #include <io.h>
 
+#define CYGWIN_SSH_PRIVSEP_USER (cygwin_ssh_privsep_user())
+const char *cygwin_ssh_privsep_user();
 
 int binary_open(const char *, int , ...);
 int check_ntsec(const char *);
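
Review bot: The declaration const char *cygwin_ssh_privsep_user(); has an empty parameter list, which in C is not a prototype; (void) would match the other declarations in this header such as check_ntsec(const char *). Because SSH_PRIVSEP_USER now expands to a function call rather than a string literal, any use that relies on literal-only behaviour (adjacent string concatenation, sizeof, a static initializer) stops compiling on Cygwin, so a comment next to the #define stating that the macro is an expression would be useful.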


-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat