search for: pw_uid

...reset by peer"). This could be used by a malicious remote client to enumerate the user names on the Cygwin server machine. The cause is that the Cygwin specific function check_nt_auth() is called in auth1.c and auth2.c with implicitly dereferencing the pointer to struct passwd to get the pw_uid member as parameter. This struct passwd pointer can be NULL if the user isn't found in /etc/passwd. Other similar funcs as auth_pam_password() are called getting the structy passwd pointer itself as parameter, testing it for NULL inside of the function. Changing the check_nt_auth() to behave...

...ssage ---------- Subject: privsep in ssh Date: Fri, 19 Sep 2003 12:22 From: Russell Coker <russell at coker.com.au> To: SE Linux <selinux at tycho.nsa.gov> Cc: Colin Watson <cjwatson at debian.org> #ifdef DISABLE_FD_PASSING if (1) { #else if (authctxt->pw->pw_uid == 0 || options.use_login) { #endif /* File descriptor passing is broken or root login */ monitor_apply_keystate(pmonitor); use_privsep = 0; return; } When browsing the ssh source I noticed the above in sshd.c. It appears fro...

Hi All, While testing another patch, I found that I could not longer log in as root, even if PermitRootLogin was yes. It seems to be the following code in auth_password: $ cvs diff -r1.48 -r1.49 auth-passwd.c [snip] #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSWD) return 0; #endif [snip] Was this intentional? -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF...

...c --- uidswap.c 6 Sep 2003 06:44:39 -0000 1.39 +++ uidswap.c 16 Sep 2003 14:47:54 -0000 @@ -191,10 +191,12 @@ permanently_set_uid(struct passwd *pw) (u_int)pw->pw_gid); } +#ifdef HAVE_CYGWIN /* Try restoration of UID if changed (test clearing of saved uid) */ if (old_uid != pw->pw_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) fatal("%s: was able to restore old [e]uid", __func__); +#endif /* Verify UID drop was successful */ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) { -- Corinna Vinschen Cygwin Developer Red Hat,...

A change was recently introduced into uidswap.c to cover the case where the user is root. The change is "&& pw->pw_uid != 0 &&". /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old...

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid

...debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ if (setegid(pw->pw_gid) < 0) fatal("setegid %u: %.100s", (u_int) pw->pw_gid, strerror(errno)); if (seteuid(pw->pw_uid) == -1) fatal("seteuid %u: %.100s", (u_int) pw->pw_uid, strerror(errno)); ----- It now looks like: ----- #ifdef SAVED_IDS_WORK_WITH_SETEUID if (setegid(pw->pw_gid) < 0) fatal("setegid %u: %.100s", (u_int) pw...

...ifdef HAVE_CYGWIN - if (is_winnt) { + { #else /* HAVE_CYGWIN */ if (getuid() == 0 || geteuid() == 0) { #endif /* HAVE_CYGWIN */ @@ -1257,6 +1257,9 @@ do_setusercontext(struct passwd *pw) permanently_set_uid(pw); #endif } +#ifdef HAVE_CYGWIN + if (is_winnt) +#endif if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); } -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com

...= -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if (chdir("/") == -1) fatal("chdir(\"/\"): %s", strerror(errno)); /* Drop our privileges */ debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); +#if 0 + /* XXX not ready, to heavy after chroot */ do_setusercontext(pw); +#else + { + gid_t gidset[2]; + + gidset[0] = pw->pw_gid; + if (setgid(pw->pw_gid) < 0) + fatal("setgid failed for %u", pw->pw_gid ); + if (setgroups(1, gidset) &lt...

....40 +++ auth1.c 2001/05/23 09:40:49 @@ -313,14 +313,7 @@ do_authloop(Authctxt *authctxt) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); -#ifdef HAVE_CYGWIN - if (authenticated && - !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { - packet_disconnect("Authentication rejected for uid %d.", - (int)pw->pw_uid); - authenticated = 0; - } -#else +#ifndef HAVE_CYGWIN /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(get_aut...

...thor 314 : /u/sco/source/openssh-2.5.1p1 # diff session.c session.drk.c 1024a1025,1031 > /* DRK: moved this stuff up higher */ > #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) > /* Sets login uid for accounting */ > if (getluid() == -1 && setluid(pw->pw_uid) == -1) > error("setluid: %s", strerror(errno)); > #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ > 1128,1133d1134 < < #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) < /* Sets login uid for accounting */ < if...

...the effective user * id is not root, this does nothing. This call cannot be nested. @@ -44,42 +48,57 @@ void temporarily_use_uid(struct passwd *pw) { - /* Save the current euid, and egroups. */ - saved_euid = geteuid(); - debug("temporarily_use_uid: %d/%d (e=%d)", - pw->pw_uid, pw->pw_gid, saved_euid); - if (saved_euid != 0) { - privileged = 0; - return; - } - privileged = 1; - temporarily_use_uid_effective = 1; + /* Save the current euid, and egroups. */ +#ifdef SAVED_IDS_WORK_WITH_SETEUID + saved_euid = geteuid(); saved_egid = getegid(); - saved_egroupslen...

...k uid sharing is a standard unix feature. however, i think that we should drop this: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, get_remote_ipaddr(), get_remote_port(), info); and not print ROOT in caps: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ",...

...1053,7 +1053,7 @@ if (pid < 0) error("fork: %.100s", strerror(errno)); else - debug("Forked child %d.", pid); + debug("Forked child %ld.", (long)pid); close(startup_p[1]); Index: sshpty.c @@ -318,12 +318,12 @@ if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(ttyname, pw->pw_uid, gid) < 0) { if (errno == EROFS && st.st_uid == pw->pw_uid) - error("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + error("chown(%.100s, %ld, %ld) failed: %.100s"...

..._ip, hosts, strlen(hosts)); + } + login_close(lc); + if (denied) { + log("Denied connection for %.200s from %.200s [%.200s].", + pw->pw_name, from_host, from_ip); + packet_disconnect("Sorry, you are not allowed to connect."); + } +#endif /* LOGIN_CAP */ + + if (pw->pw_uid == 0) + log("ROOT LOGIN as '%.100s' from %.100s", + pw->pw_name, get_canonical_hostname()); + /* The user has been authenticated and accepted. */ packet_start(SSH_SMSG_SUCCESS); packet_send(); @@ -2086,6 +2125,11 @@ login_cap_t *lc; char *fname; #endif /* LOGIN...

...ECT + prid_t projid; +#endif /* WITH_IRIX_PROJECT */ +#ifdef WITH_IRIX_JOBS + jid_t jid = 0; +#else +# ifdef WITH_IRIX_ARRAY + int jid = 0; +# endif /* WITH_IRIX_ARRAY */ +#endif /* WITH_IRIX_JOBS */ + +#ifdef WITH_IRIX_JOBS + jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive"); + if (jid == -1) + fatal("Failed to create job container: %.100s", + strerror(errno)); +#endif /* WITH_IRIX_JOBS */ +#ifdef WITH_IRIX_ARRAY + /* initialize array session */ + if (jid == 0 && newarra...

...t;Closing connection to %.100s", get_remote_ipaddr()); authentication_type = SSH_AUTH_PASSWORD; authenticated = 1; break; @@ -2708,14 +2746,14 @@ } /* Check if the user is logging in as root and root logins are disallowed. */ - if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1) + if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1 && !lets_log) { if (authentication_type == SSH_AUTH_PASSWORD) packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",...

...======= RCS file: sshpty.c,v retrieving revision 2.9.9.2 retrieving revision 2.9.9.2.0.1 diff -pu -r2.9.9.2 -r2.9.9.2.0.1 --- sshpty.c 2001/08/14 20:41:35 2.9.9.2 +++ sshpty.c 2001/09/28 18:37:50 2.9.9.2.0.1 @@ -381,12 +381,12 @@ pty_setowner(struct passwd *pw, const ch if (chown(ttyname, pw->pw_uid, gid) < 0) { if (errno == EROFS && (st.st_uid == pw->pw_uid || st.st_uid == 0)) - error("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + error("chown(%.100s, %ld, %ld) failed: %.100s", + ttyname, (long)pw-...

...__int64_t jid_t; +extern jid_t jlimit_startjob(char *, uid_t, char *); +# pragma optional jlimit_startjob +# endif #endif #ifdef WITH_IRIX_AUDIT #include <sat.h> @@ -27,10 +33,15 @@ #endif /* WITH_IRIX_JOBS */ #ifdef WITH_IRIX_JOBS - jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive"); - if (jid == -1) - fatal("Failed to create job container: %.100s", - strerror(errno)); + if (_MIPS_SYMBOL_PRESENT(jlimit_startjob)) { + jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "inte...

...300 +++ serverloop.c 2009-10-21 10:53:09.000000000 +0300 @@ -1119,9 +1119,9 @@ if (!options.allow_tcp_forwarding || no_port_forwarding_flag || (!want_reply && listen_port == 0) #ifndef NO_IPPORT_RESERVED_CONCEPT - || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) + || (listen_port !=0 && listen_port < IPPORT_RESERVED && pw->pw_uid != 0) #endif ) { success = 0; packet_send_debug("Server has disabled port forwarding."); -- Ari Hyttinen