diff -u -r ./auth2.c /openssh-2.5.2p2/auth2.c
--- ./auth2.c Sat May 5 13:52:11 2001
+++ /openssh-2.5.2p2/auth2.c Sat May 5 13:59:52 2001
@@ -186,6 +186,8 @@ Authorder *ao = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; + int r; + int tempuid; if (authctxt == NULL) fatal("input_userauth_request: no authctxt");
@@ -259,12 +261,37 @@ authenticated = 0; #endif /* USE_PAM */ + authctxt->partial = 0; +/* Karl-->Carson: We could change this to a while if we want to let matchuid + have subauth methods. */ if (authenticated && (ao->sub != NULL)) { authctxt->partial = 1; authenticated = 0; lastauth = ao; +#ifdef HAVE_CYGWIN + ao = ao->sub; + while (((r = strcmp("matchuid",ao->name)) != 0) && (ao->next != NULL)) + ao = ao->next; + if ((r == 0) && (getuid() == authctxt->pw->pw_uid)) { + authctxt->partial = 0; + authenticated = 1; + } +#endif } +#ifdef HAVE_CYGWIN +/* Karl-->Corinna: I have removed the check_nt_calls from everything but + userauth_passwd. I want to make sure that we have a + password if we need it. Is there a better way to do this? */ + if (authenticated) { + tempuid = getuid(); + setuid(authctxt->pw->pw_uid); + if (getuid() != authctxt->pw->pw_uid) + authenticated = 0; + setuid(tempuid); + } +#endif + /* Log before sending the reply */ auth_log(authctxt, authenticated, method, " ssh2");
@@ -381,10 +408,6 @@ if (authctxt->valid == 0) return(0); -#ifdef HAVE_CYGWIN - if (check_nt_auth(1, authctxt->pw->pw_uid) == 0) - return(0); -#endif #ifdef USE_PAM return auth_pam_password(authctxt->pw, ""); #elif defined(HAVE_OSF_SIA)
@@ -445,10 +468,6 @@ #endif xfree(lang); xfree(devs); -#ifdef HAVE_CYGWIN - if (check_nt_auth(0, authctxt->pw->pw_uid) == 0) - return(0); -#endif return authenticated; }
@@ -551,10 +570,6 @@ debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); xfree(pkalg); xfree(pkblob); -#ifdef HAVE_CYGWIN - if (check_nt_auth(0, authctxt->pw->pw_uid) == 0) - return(0); -#endif return authenticated; }
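Review bot: `tempuid` is declared as `int` in the `@@ -186,6 +186,8 @@` hunk, but the `@@ -259` hunk uses it to save the result of `getuid()` and hand it back to `setuid()`; `uid_t tempuid;` would avoid a sign or width conversion on the saved identity. Both `r` and `tempuid` are also declared unconditionally although every use visible in this patch sits inside `#ifdef HAVE_CYGWIN`, so other builds would get unused-variable warnings unless the function uses them elsewhere outside the hunks. Putting the two declarations under the same `#ifdef` keeps them next to their uses.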
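Review bot: Both `setuid()` calls in the new `if (authenticated)` block of the `@@ -259,12 +261,37 @@` hunk ignore their return value, and the second one is what puts the daemon back under its own identity. If `setuid(tempuid)` fails after the switch to `authctxt->pw->pw_uid` succeeded, the process carries on under the user's uid with nothing logged; I would change it to `if (setuid(tempuid) != 0) fatal("input_userauth_request: cannot restore uid");`. This probe appears to replace the `check_nt_auth()` calls that the `@@ -381`, `@@ -445` and `@@ -551` hunks delete, so it becomes the only Cygwin gate for those methods and needs a comment stating what a failed switch means. In the `matchuid` branch above it, a matching server uid turns a partial success into full authentication without the sub-method running, and `auth_log()` below records only `method`, so a `debug()` line naming `matchuid` would make that path visible. The enclosing function starts and ends outside the hunk.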
@@ -638,7 +653,8 @@ r = 1; } else { as = ao->sub; - while ((r = strncmp(as->name, cp, i)) != 0) { +/* Karl-->Carson: Needs to be case insensitive for the way servconf.c is now. */ + while ((r = strncasecmp(as->name, cp, i)) != 0) { if (as->next != NULL) { as = as->next; } else {
@@ -664,7 +680,8 @@ break; case ',': ao = authorder; - while(((r = strncmp(ao->name, cp, i)) != 0) && (ao->next != NULL)) { +/* Karl-->Carson: Needs to be case insensitive for the way servconf.c is now. */ + while(((r = strncasecmp(ao->name, cp, i)) != 0) && (ao->next != NULL)) { ao = ao->next; } if (r != 0) {
@@ -704,18 +721,39 @@ } as = ao; +#ifdef HAVE_CYGWIN + if (strcmp("matchuid",as->name) != 0) +#endif size = strlen(as->name) + 1; while (as->next != NULL) { as = as->next; +#ifdef HAVE_CYGWIN + if (strcmp("matchuid",as->name) != 0) +#endif size += strlen(as->name) + 1; } +#ifdef HAVE_CYGWIN + if (size == 0) + fatal("authmethods_get_new: no authmethods"); +#endif +/* Karl-->Carson: No need for "size++;" here, is there? */ size++; /* trailing '\0' */ list = xmalloc(size); +#ifdef HAVE_CYGWIN + if (strcmp("matchuid",ao->name) == 0) + ao = ao->next; +#endif strlcpy(list, ao->name, size); while(ao->next != NULL) { ao = ao->next; +#ifdef HAVE_CYGWIN + if (strcmp("matchuid",ao->name) != 0) { +#endif strlcat(list, DELIM, size); strlcat(list, ao->name, size); +#ifdef HAVE_CYGWIN + } +#endif } return list; }
diff -u -r ./defines.h /openssh-2.5.2p2/defines.h
--- ./defines.h Mon Mar 19 17:49:22 2001
+++ /openssh-2.5.2p2/defines.h Fri May 4 20:49:04 2001
@@ -436,7 +436,7 @@ * configure.in sets this for a few OS's which are known to have problems * but you may need to set it yourself */ -/* #define USE_PIPES 1 */ +#define USE_PIPES 1 /** ** login recorder definitions
diff -u -r ./openbsd-compat/strmode.c /openssh-2.5.2p2/openbsd-compat/strmode.c
--- ./openbsd-compat/strmode.c Wed Jan 31 12:52:04 2001
+++ /openssh-2.5.2p2/openbsd-compat/strmode.c Fri May 4 20:34:46 2001
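Review bot: `strncasecmp(as->name, cp, i)` in the `@@ -638,7 +653,8 @@` hunk still compares only the first `i` characters, so if `i` is the length of the token in `cp` (it is set outside the hunk), a token that is merely a prefix of a method name is accepted as that method. The same holds for the `ao->name` comparison in the `@@ -664` hunk and for `strncasecmp(mycp,"matchuid",i)` in the servconf.c `@@ -778` hunk, where a zero `i` would match every name. Each of these conditions should also require `strlen(as->name) == i` (with the matching name and literal length in the other two places) so that only an exact, case-insensitive match selects an authentication method. The loops and the switch they belong to begin outside the hunks.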
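Review bot: With `HAVE_CYGWIN` defined, the first `size = strlen(as->name) + 1;` in the `@@ -704,18 +721,39 @@` hunk becomes conditional, so when the first entry is `matchuid` the later `size += …` and the `size == 0` test read a value that was never assigned, unless `size` is initialised at its declaration outside the hunk. Writing `size = 0;` directly after `as = ao;` and turning the first statement into `size += strlen(as->name) + 1;` removes that dependency. The copy pass relies on the same test: after `ao = ao->next` skips a leading `matchuid`, nothing checks `ao` for NULL before `strlcpy(list, ao->name, size)`, and the `size == 0` check only covers that case once `size` is reliably zero. The function begins outside the hunk.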
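Review bot: `#define USE_PIPES 1` in the defines.h hunk is now unconditional, so every platform built from this tree switches to pipes rather than only Cygwin, while the comment directly above says configure.in is meant to set it per OS. Setting it from configure for Cygwin, or guarding it as `#ifdef HAVE_CYGWIN` / `#define USE_PIPES 1` / `#endif`, keeps the change local to the port.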
@@ -42,6 +42,15 @@ #include #include +#ifdef HAVE_CYGWIN +#undef S_IXUSR +#undef S_IXGRP +#undef S_IXOTH +#define S_IXUSR 0100 +#define S_IXGRP 0010 +#define S_IXOTH 0001 +#endif + void strmode(mode, p) register mode_t mode;
diff -u -r ./servconf.c /openssh-2.5.2p2/servconf.c
--- ./servconf.c Sat May 5 13:52:11 2001
+++ /openssh-2.5.2p2/servconf.c Sat May 5 13:36:09 2001
@@ -759,11 +759,25 @@ case sAuthOrder: arg = strdelim(&cp); +/* Karl-->Carson: Should whitespace be removed before processing? */ +/* Karl-->Carson: Perhaps we should just remove whitespace and convert + everything to lowercase to simplify the remaining code + here and in auth2.c? */ +/* Karl-->Carson: These comparisons need to be case insensitive somehow. */ if ((strstr(arg,":none") != NULL) || (strstr(arg,"none:") != NULL)){ fprintf(stderr, "%s line %d: none may not be or have a subauth method\n", filename, linenum); exit(1); } +#ifdef HAVE_CYGWIN +/* Karl-->Carson: These comparisons need to be case insensitive somehow. */ + if ((strncasecmp(arg,"matchuid",8) == 0) || (strstr(arg,",matchuid") != NULL) || + (strstr(arg,"matchuid:") != NULL)){ + fprintf(stderr, "%s line %d: matchuid must be and not have a subauth method\n", + filename, linenum); + exit(1); + } +#endif { int i, match; char *mycp;
@@ -778,6 +792,10 @@ match = 1; } else if (strncasecmp(mycp,"keyboard-interactive",i) == 0) { match = 1; +#ifdef HAVE_CYGWIN + } else if (strncasecmp(mycp,"matchuid",i) == 0) { + match = 1; +#endif } if (match == 0) { mycp[i]='\0';
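Review bot: The new `#ifdef HAVE_CYGWIN` block in the strmode.c hunk replaces `S_IXUSR`, `S_IXGRP` and `S_IXOTH` from the system headers without saying why. A comment above the `#undef` lines should state what is wrong with the Cygwin definitions for `strmode()`, for example `/* Cygwin: system S_IX* values unsuitable here because <reason>; use the conventional octal execute bits */`, with the reason filled in by the author. The override also applies to everything later in this translation unit, which belongs in the same comment.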
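Review bot: The `matchuid` placement check in the servconf.c `@@ -759,11 +759,25 @@` hunk mixes `strncasecmp(arg,"matchuid",8)` with case-sensitive `strstr(arg,",matchuid")` and `strstr(arg,"matchuid:")`, so a value such as `password,MatchUID` (constructed example) gets past it while the token validator in the `@@ -778` hunk accepts the name in any case. The auth2.c hunks then look for the method with case-sensitive `strcmp("matchuid", …)`, so the three places disagree about which spellings count as `matchuid`. Lower-casing `arg` in place once, before the `none` and `matchuid` checks, settles all of them: `for (p = arg; *p != '\0'; p++) *p = tolower((unsigned char)*p);` with `p` a new `char *` local. The `strncasecmp(arg,"matchuid",8)` test also rejects any first method that merely begins with those eight characters, and the message `matchuid must be and not have a subauth method` reads as if words are missing.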