summaryrefslogtreecommitdiff
path: root/auth1.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-09-05 16:13:06 +1100
committerDamien Miller <djm@mindrot.org>2000-09-05 16:13:06 +1100
commitbac2d8aa5e642a70045e713853b13d020b9c5d57 (patch)
tree98ddc81efce2273b3dfaff03b51242c988d30abf /auth1.c
parent676092fad0b6edca8f1fe731d7c3a000465a9bef (diff)
- (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
Diffstat (limited to 'auth1.c')
-rw-r--r--auth1.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/auth1.c b/auth1.c
index b043e8a9..3720a7d2 100644
--- a/auth1.c
+++ b/auth1.c
@@ -23,6 +23,11 @@ RCSID("$OpenBSD: auth1.c,v 1.3 2000/08/20 18:42:40 millert Exp $");
# include <siad.h>
#endif
+#ifdef HAVE_CYGWIN
+#include <windows.h>
+#define is_winnt (GetVersion() < 0x80000000)
+#endif
+
/* import */
extern ServerOptions options;
extern char *forced_command;
@@ -371,6 +376,23 @@ do_authloop(struct passwd * pw)
break;
}
+#ifdef HAVE_CYGWIN
+ /*
+ * The only authentication which is able to change the user
+ * context on NT systems is the password authentication. So
+ * we deny all requsts for changing the user context if another
+ * authentication method is used.
+ * This may change in future when a special openssh
+ * subauthentication package is available.
+ */
+ if (is_winnt && type != SSH_CMSG_AUTH_PASSWORD &&
+ authenticated && geteuid() != pw->pw_uid) {
+ packet_disconnect("Authentication rejected for uid %d.",
+ (int) pw->pw_uid);
+ authenticated = 0;
+ }
+#endif
+
/*
* Check if the user is logging in as root and root logins
* are disallowed.
@@ -491,12 +513,15 @@ do_authentication()
start_pam(pw);
#endif
+#ifndef HAVE_CYGWIN
/*
* If we are not running as root, the user must have the same uid as
* the server.
+ * Rule not valid on Windows systems.
*/
if (getuid() != 0 && pw->pw_uid != getuid())
packet_disconnect("Cannot change user when server not running as root.");
+#endif
debug("Attempting authentication for %.100s.", pw->pw_name);