This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: openssh AuthorizedKeysFile

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin-apps at cygwin dot com
Date: Mon, 9 Apr 2018 12:59:24 +0200
Subject: Re: openssh AuthorizedKeysFile
References: <87h8oonkax.fsf@Rainer.invalid> <20180409075209.GN18998@calimero.vinschen.de>
Reply-to: cygwin-apps at cygwin dot com

On Apr  9 09:52, Corinna Vinschen wrote:
> On Apr  6 22:37, Achim Gratz wrote:
> > 
> > I've got a new server for Cygwin @work and wanted to get the sshd to run
> > with StrictMode on (it's been off on the old server).  Long story short,
> > some accounts used for administrative tasks are contrained so that I
> > need to store the authorized_keys file directly on the server, so I
> > added /etc/ssh/%u/authorized_keys in front of the default
> > .ssh/authorized_keys.  Unfortunately that only works if the same
> > administrative account has been used to install Cygwin itself, lest sshd
> > declares the directory /etc/ssh unsafe (or use StrictMode=no).
> 
> What exactly doesn't work?  If it's the ownership of the dirs and
> files, chown will do the trick, no?
> 
> >   In my reading of the refactored
> > code it seems that the same effect could be achieved by defining
> > PLATFORM_SYS_DIR_UID appropriately (although I would prefer if that was
> > configurable somewhere in a file).  But it seems that for Cygwin that
> > symbol doesn't get defined at all?
> 
> No, so far it's a special feature for AIX and HP/UX only.  On these
> platforms certain dirs and files are owned by the bin user with uid 2.
> 
> The problem on Cygwin is that we don't have a fixed uid owning the
> entire system paths.  It always depends on the account used to create
> the system dirs, which can vary from installation to installation.  What
> you could do is adding a passwd entry with uid 0 for the account
> installing Cygwin and make sure that the files are always owned by this
> account (chown).
> 
> The only other way to fix this would be to define PLATFORM_SYS_DIR_UID
> to be a function call on Cygwin, which checks the account for... what?
> To be an admin account?  That sounds quite relaxed, but I don't see
> any other way.
> 
> Something like this [...]

Please try if this patch to openssh will do the trick for you.  I only
tested that it builds, but not if it works as desired.

From 6b493f7e9f5ab7c64fa56c84ea727d3d06a12c0f Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <vinschen@redhat.com>
Date: Mon, 9 Apr 2018 12:56:31 +0200
Subject: [PATCH] cygwin: add function call to provide OS-specific
 PLATFORM_SYS_DIR_UID

---
 configure.ac                     |  1 +
 openbsd-compat/bsd-cygwin_util.c | 25 +++++++++++++++++++++++++
 openbsd-compat/bsd-cygwin_util.h |  1 +
 3 files changed, 27 insertions(+)

diff --git a/configure.ac b/configure.ac
index 663062bef142..a5f68c367c92 100644
--- a/configure.ac
+++ b/configure.ac
@@ -626,6 +626,7 @@ case "$host" in
 		file descriptor passing])
 	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
 	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
+	AC_DEFINE([PLATFORM_SYS_DIR_UID], cygwin_valid_sys_dir_owner(uid), [System dirs owned by admin account])
 	# Cygwin defines optargs, optargs as declspec(dllimport) for historical
 	# reasons which cause compile warnings, so we disable those warnings.
 	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 398a5f617af5..0f5bb1a4448a 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -33,6 +33,7 @@
 #ifdef HAVE_CYGWIN
 
 #include <sys/types.h>
+#include <grp.h>
 #include <fcntl.h>
 #include <string.h>
 #include <unistd.h>
@@ -116,4 +117,28 @@ free_windows_environment(char **p)
 	free(p);
 }
 
+/* Check if current account is administrative account (aka member of
+ * group 544 "Administrators")
+ */
+uid_t
+cygwin_valid_sys_dir_owner(uid_t uid)
+{
+	int ngrps = 0;
+	gid_t *grps = NULL;
+	struct passwd *pw;
+
+	pw = getpwuid(uid);
+	if (!pw)
+	  return 0;
+
+	if (getgrouplist(pw->pw_name, pw->pw_gid, grps, &ngrps) < 0) {
+		grps = (gid_t *) alloca(sizeof (gid_t) * ngrps);
+		if (getgrouplist(pw->pw_name, pw->pw_gid, grps, &ngrps) < 0)
+			return 0;
+		while (--ngrps >= 0)
+			if (grps[ngrps] == 544)
+			  return uid;
+	}
+	return 0;
+}
 #endif /* HAVE_CYGWIN */
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
index 9cef694b9a7c..e2d53f47defe 100644
--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@@ -44,6 +44,7 @@ typedef void *HANDLE;
    windows headers, so we have to define them here explicitely. */
 extern HANDLE cygwin_logon_user (const struct passwd *, const char *);
 extern void cygwin_set_impersonation_token (const HANDLE);
+extern uid_t cygwin_valid_sys_dir_owner(uid_t uid);
 
 #include <sys/cygwin.h>
 #include <io.h>
-- 
2.14.3


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: openssh AuthorizedKeysFile
  - From: Corinna Vinschen

References:
- openssh AuthorizedKeysFile
  - From: Achim Gratz
- Re: openssh AuthorizedKeysFile
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]