openssh AuthorizedKeysFile

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Apr 9 14:09:00 GMT 2018 

On Apr  9 12:59, Corinna Vinschen wrote:
> On Apr  9 09:52, Corinna Vinschen wrote:
> > The problem on Cygwin is that we don't have a fixed uid owning the
> > entire system paths.  It always depends on the account used to create
> > the system dirs, which can vary from installation to installation.  What
> > you could do is adding a passwd entry with uid 0 for the account
> > installing Cygwin and make sure that the files are always owned by this
> > account (chown).
> > 
> > The only other way to fix this would be to define PLATFORM_SYS_DIR_UID
> > to be a function call on Cygwin, which checks the account for... what?
> > To be an admin account?  That sounds quite relaxed, but I don't see
> > any other way.
> > 
> > Something like this [...]
> 
> Please try if this patch to openssh will do the trick for you.  I only
> tested that it builds, but not if it works as desired.

On second thought...

This is dangerous.  Every path owned by any member of the admins group
is treated as safe path.  I.e., even the home dir of any admin user
is safe.

That doesn't sound desirable...


Corinna

> 
> From 6b493f7e9f5ab7c64fa56c84ea727d3d06a12c0f Mon Sep 17 00:00:00 2001
> From: Corinna Vinschen <vinschen@redhat.com>
> Date: Mon, 9 Apr 2018 12:56:31 +0200
> Subject: [PATCH] cygwin: add function call to provide OS-specific
>  PLATFORM_SYS_DIR_UID
> 
> ---
>  configure.ac                     |  1 +
>  openbsd-compat/bsd-cygwin_util.c | 25 +++++++++++++++++++++++++
>  openbsd-compat/bsd-cygwin_util.h |  1 +
>  3 files changed, 27 insertions(+)
> 
> diff --git a/configure.ac b/configure.ac
> index 663062bef142..a5f68c367c92 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -626,6 +626,7 @@ case "$host" in
>  		file descriptor passing])
>  	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
>  	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
> +	AC_DEFINE([PLATFORM_SYS_DIR_UID], cygwin_valid_sys_dir_owner(uid), [System dirs owned by admin account])
>  	# Cygwin defines optargs, optargs as declspec(dllimport) for historical
>  	# reasons which cause compile warnings, so we disable those warnings.
>  	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
> diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
> index 398a5f617af5..0f5bb1a4448a 100644
> --- a/openbsd-compat/bsd-cygwin_util.c
> +++ b/openbsd-compat/bsd-cygwin_util.c
> @@ -33,6 +33,7 @@
>  #ifdef HAVE_CYGWIN
>  
>  #include <sys/types.h>
> +#include <grp.h>
>  #include <fcntl.h>
>  #include <string.h>
>  #include <unistd.h>
> @@ -116,4 +117,28 @@ free_windows_environment(char **p)
>  	free(p);
>  }
>  
> +/* Check if current account is administrative account (aka member of
> + * group 544 "Administrators")
> + */
> +uid_t
> +cygwin_valid_sys_dir_owner(uid_t uid)
> +{
> +	int ngrps = 0;
> +	gid_t *grps = NULL;
> +	struct passwd *pw;
> +
> +	pw = getpwuid(uid);
> +	if (!pw)
> +	  return 0;
> +
> +	if (getgrouplist(pw->pw_name, pw->pw_gid, grps, &ngrps) < 0) {
> +		grps = (gid_t *) alloca(sizeof (gid_t) * ngrps);
> +		if (getgrouplist(pw->pw_name, pw->pw_gid, grps, &ngrps) < 0)
> +			return 0;
> +		while (--ngrps >= 0)
> +			if (grps[ngrps] == 544)
> +			  return uid;
> +	}
> +	return 0;
> +}
>  #endif /* HAVE_CYGWIN */
> diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
> index 9cef694b9a7c..e2d53f47defe 100644
> --- a/openbsd-compat/bsd-cygwin_util.h
> +++ b/openbsd-compat/bsd-cygwin_util.h
> @@ -44,6 +44,7 @@ typedef void *HANDLE;
>     windows headers, so we have to define them here explicitely. */
>  extern HANDLE cygwin_logon_user (const struct passwd *, const char *);
>  extern void cygwin_set_impersonation_token (const HANDLE);
> +extern uid_t cygwin_valid_sys_dir_owner(uid_t uid);
>  
>  #include <sys/cygwin.h>
>  #include <io.h>
> -- 
> 2.14.3
> 
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Maintainer                 cygwin AT cygwin DOT com
> Red Hat



-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-apps/attachments/20180409/df08d689/attachment.sig>

More information about the Cygwin-apps mailing list