[patch/cygwin] SSH_PRIVSEP_USER as function (was Re: SSH_PRIVSEP_USER configurable at runtime?)

Corinna Vinschen vinschen at redhat.com
Wed May 21 18:13:30 EST 2014 

Ping?  It would be nice if we could discuss this patch further,
if it's not ok for inclusion.


Thanks,
Corinna


On May 15 13:28, Corinna Vinschen wrote:
> On Apr  2 14:44, Corinna Vinschen wrote:
> > On Apr  2 13:37, Peter Stuge wrote:
> > > Corinna Vinschen wrote:
> > > > On non-domain machines the account
> > > > name will be "sshd", not "${machine}+sshd".  Except if the admin
> > > > specifies that the domain is always prepended, which makes it
> > > > "${machine}+sshd" again.  And if the admin specifies the separator char
> > > > to be not '+' but, for instance '#', the account name will be
> > > > "${machine}#sshd".
> > > > 
> > > > All that knowledge would have to go into sshd.c.
> > > 
> > > FWIW I think this is the right solution.
> > 
> > Hmm.  Come to think of it, SSH_PRIVSEP_USER could be defined as a macro
> > calling a function which returns the username.  And configure.ac could
> > define SSH_PRIVSEP_USER as, say, cygwin_privsep_user() by default, when
> > built for Cygwin so the ugly details could be hidden in bsd-cygwin_util.c.
> > 
> > The Cygwin changes are still in an early stage of testing, but I'll
> > come back to this.
> 
> Ok, after some mulling about, I prepared the below patch.  What it does
> is this:
> 
> - The default replacement string for SSH_PRIVSEP_USER in configure.ac
>   is now CYGWIN_SSH_PRIVSEP_USER, if the target is Cygwin.  This can
>   still be overridden with --with-privsep-user=FOO.
> 
> - openbsd-compat/bsd-cygwin_util.h defines CYGWIN_SSH_PRIVSEP_USER
>   as a function call cygwin_ssh_privsep_user().
> 
> - openbsd-compat/bsd-cygwin_util.c implements cygwin_ssh_privsep_user().
>   The function fills a static buffer with a username fetched by calling
>   an internal Cygwin function.  The function fills the buffer with the
>   correct username, for instance "DOMAIN+sshd".  If the function fails
>   (non-0 return value), the function falls back to the username "sshd".
> 
>   I just applied the required functionality to Cygwin's repository:
>   https://cygwin.com/viewvc/src/winsup/cygwin/external.cc?r1=1.137&r2=1.138
> 
>   It will show up in the next official release 1.7.30.  The below
>   patch makes sure that the code also compiles and falls back to the
>   username "sshd", if its getting built under an older version of
>   Cygwin.  Additionally, even if built for 1.7.30 and later it will
>   still run under an older Cygwin version.
> 
> I hope that patch is ok to support the discussed account mapping
> functionality.  I tried to implement it as non-intrusive as possible.
> 
> 
> Thanks,
> Corinna
> 
> 
> Index: configure.ac
> ===================================================================
> RCS file: /cvs/openssh/configure.ac,v
> retrieving revision 1.573
> diff -u -p -r1.573 configure.ac
> --- configure.ac	15 May 2014 04:58:08 -0000	1.573
> +++ configure.ac	15 May 2014 11:26:21 -0000
> @@ -2872,7 +2872,14 @@ if test "x$PAM_MSG" = "xyes" ; then
>  	])
>  fi
>  
> -SSH_PRIVSEP_USER=sshd
> +case "$host" in
> +*-*-cygwin*)
> +	SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
> +	;;
> +*)
> +	SSH_PRIVSEP_USER=sshd
> +	;;
> +esac
>  AC_ARG_WITH([privsep-user],
>  	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
>  	[
> @@ -2882,8 +2889,13 @@ AC_ARG_WITH([privsep-user],
>  		fi
>  	]
>  )
> -AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
> -	[non-privileged user for privilege separation])
> +if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
> +	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
> +		[Cygwin function to fetch non-privileged user for privilege separation])
> +else
> +	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
> +		[non-privileged user for privilege separation])
> +fi
>  AC_SUBST([SSH_PRIVSEP_USER])
>  
>  if test "x$have_linux_no_new_privs" = "x1" ; then
> Index: openbsd-compat/bsd-cygwin_util.c
> ===================================================================
> RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 bsd-cygwin_util.c
> --- openbsd-compat/bsd-cygwin_util.c	1 Jun 2013 22:07:32 -0000	1.26
> +++ openbsd-compat/bsd-cygwin_util.c	15 May 2014 11:26:22 -0000
> @@ -57,6 +57,22 @@ check_ntsec(const char *filename)
>  	return (pathconf(filename, _PC_POSIX_PERMISSIONS));
>  }
>  
> +const char *
> +cygwin_ssh_privsep_user()
> +{
> +  static char cyg_privsep_user[DNLEN + UNLEN + 2];
> +
> +  if (!cyg_privsep_user[0])
> +    {
> +#ifdef CW_CYGNAME_FROM_WINNAME
> +      if (cygwin_internal (CW_CYGNAME_FROM_WINNAME, "sshd", cyg_privsep_user,
> +			   sizeof cyg_privsep_user) != 0)
> +#endif
> +	strcpy (cyg_privsep_user, "sshd");
> +    }
> +  return cyg_privsep_user;
> +}
> +
>  #define NL(x) x, (sizeof (x) - 1)
>  #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
>  
> Index: openbsd-compat/bsd-cygwin_util.h
> ===================================================================
> RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.h,v
> retrieving revision 1.17
> diff -u -p -r1.17 bsd-cygwin_util.h
> --- openbsd-compat/bsd-cygwin_util.h	18 Jan 2014 10:04:00 -0000	1.17
> +++ openbsd-compat/bsd-cygwin_util.h	15 May 2014 11:26:22 -0000
> @@ -39,6 +39,8 @@
>  /* Avoid including windows headers. */
>  typedef void *HANDLE;
>  #define INVALID_HANDLE_VALUE ((HANDLE) -1)
> +#define DNLEN 16
> +#define UNLEN 256
>  
>  /* Cygwin functions for which declarations are only available when including
>     windows headers, so we have to define them here explicitely. */
> @@ -48,6 +50,8 @@ extern void cygwin_set_impersonation_tok
>  #include <sys/cygwin.h>
>  #include <io.h>
>  
> +#define CYGWIN_SSH_PRIVSEP_USER (cygwin_ssh_privsep_user())
> +const char *cygwin_ssh_privsep_user();
>  
>  int binary_open(const char *, int , ...);
>  int check_ntsec(const char *);
> 
> 
> -- 
> Corinna Vinschen
> Cygwin Maintainer
> Red Hat



> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140521/f5398451/attachment.bin>

More information about the openssh-unix-dev mailing list