- (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c

auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old version of Cygwin. Patch from vinschen at redhat com.
2009-03-08 11:40:27 +11:00 · 2009-03-08 11:40:27 +11:00 · 9d86e5d570
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+20090308
+ - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
+   auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
+   openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
+   version of Cygwin.  Patch from vinschen at redhat com.
+
 20090307
 - (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it
   exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS
--- a/auth-passwd.c
+++ b/auth-passwd.c
@ -102,7 +102,7 @@ auth_password(Authctxt *authctxt, const char *password)
 	}
 #endif
 #ifdef HAVE_CYGWIN
-	if (is_winnt) {
+	{
 		HANDLE hToken = cygwin_logon_user(pw, password);

 		if (hToken == INVALID_HANDLE_VALUE)
--- a/auth1.c
+++ b/auth1.c
@ -318,15 +318,7 @@ do_authloop(Authctxt *authctxt)
 		}
 #endif /* _UNICOS */

-#ifdef HAVE_CYGWIN
-		if (authenticated &&
-		    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
-		    authctxt->pw)) {
-			packet_disconnect("Authentication rejected for uid %d.",
-			    authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid);
-			authenticated = 0;
-		}
-#else
+#ifndef HAVE_CYGWIN
 		/* Special handling for root */
 		if (authenticated && authctxt->pw->pw_uid == 0 &&
 		    !auth_root_allowed(meth->name)) {
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@ -58,10 +58,6 @@ userauth_kbdint(Authctxt *authctxt)

 	xfree(devs);
 	xfree(lang);
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(0, authctxt->pw) == 0)
-		authenticated = 0;
-#endif
 	return authenticated;
 }

--- a/auth2-none.c
+++ b/auth2-none.c
@ -61,10 +61,6 @@ userauth_none(Authctxt *authctxt)
 {
 	none_enabled = 0;
 	packet_check_eom();
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(1, authctxt->pw) == 0)
-		return (0);
-#endif
 	if (options.password_authentication)
 		return (PRIVSEP(auth_password(authctxt, "")));
 	return (0);
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@ -68,10 +68,6 @@ userauth_passwd(Authctxt *authctxt)
 		logit("password change not supported");
 	else if (PRIVSEP(auth_password(authctxt, password)) == 1)
 		authenticated = 1;
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(1, authctxt->pw) == 0)
-		authenticated = 0;
-#endif
 	memset(password, 0, len);
 	xfree(password);
 	return authenticated;
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@ -170,10 +170,6 @@ done:
 		key_free(key);
 	xfree(pkalg);
 	xfree(pkblob);
-#ifdef HAVE_CYGWIN
-	if (check_nt_auth(0, authctxt->pw) == 0)
-		authenticated = 0;
-#endif
 	return authenticated;
 }

--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@ -39,9 +39,6 @@
 #endif

 #include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/utsname.h>
-#include <sys/vfs.h>

 #include <fcntl.h>
 #include <stdlib.h>
@ -49,11 +46,6 @@
 #include <windows.h>

 #include "xmalloc.h"
-#define is_winnt       (GetVersion() < 0x80000000)
-
-#define ntsec_on(c)	((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
-#define ntsec_off(c)	((c) && strstr((c),"nontsec"))
-#define ntea_on(c)	((c) && strstr((c),"ntea") && !strstr((c),"nontea"))

 int 
 binary_open(const char *filename, int flags, ...)
@ -79,128 +71,12 @@ binary_pipe(int fd[2])
 	return (ret);
 }

-#define HAS_CREATE_TOKEN 1
-#define HAS_NTSEC_BY_DEFAULT 2
-#define HAS_CREATE_TOKEN_WO_NTSEC 3
-
-static int 
-has_capability(int what)
-{
-	static int inited;
-	static int has_create_token;
-	static int has_ntsec_by_default;
-	static int has_create_token_wo_ntsec;
-
-	/* 
-	 * has_capability() basically calls uname() and checks if
-	 * specific capabilities of Cygwin can be evaluated from that.
-	 * This simplifies the calling functions which only have to ask
-	 * for a capability using has_capability() instead of having
-	 * to figure that out by themselves.
-	 */
-	if (!inited) {
-		struct utsname uts;
-		
-		if (!uname(&uts)) {
-			int major_high = 0, major_low = 0, minor = 0;
-			int api_major_version = 0, api_minor_version = 0;
-			char *c;
-
-			sscanf(uts.release, "%d.%d.%d", &major_high,
-			    &major_low, &minor);
-			if ((c = strchr(uts.release, '(')) != NULL) {
-				sscanf(c + 1, "%d.%d", &api_major_version,
-				    &api_minor_version);
-			}
-			if (major_high > 1 ||
-			    (major_high == 1 && (major_low > 3 ||
-			    (major_low == 3 && minor >= 2))))
-				has_create_token = 1;
-			if (api_major_version > 0 || api_minor_version >= 56)
-				has_ntsec_by_default = 1;
-			if (major_high > 1 ||
-			    (major_high == 1 && major_low >= 5))
-				has_create_token_wo_ntsec = 1;
-			inited = 1;
-		}
-	}
-	switch (what) {
-	case HAS_CREATE_TOKEN:
-		return (has_create_token);
-	case HAS_NTSEC_BY_DEFAULT:
-		return (has_ntsec_by_default);
-	case HAS_CREATE_TOKEN_WO_NTSEC:
-		return (has_create_token_wo_ntsec);
-	}
-	return (0);
-}
-
-int
-check_nt_auth(int pwd_authenticated, struct passwd *pw)
-{
-	/*
-	* The only authentication which is able to change the user
-	* context on NT systems is the password authentication. So
-	* we deny all requsts for changing the user context if another
-	* authentication method is used.
-	*
-	* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
-	* uses the undocumented NtCreateToken() call to create a user
-	* token if the process has the appropriate privileges and if
-	* CYGWIN ntsec setting is on.
-	*/
-	static int has_create_token = -1;
-
-	if (pw == NULL)
-		return 0;
-	if (is_winnt) {
-		if (has_create_token < 0) {
-			char *cygwin = getenv("CYGWIN");
-
-			has_create_token = 0;
-			if (has_capability(HAS_CREATE_TOKEN) &&
-			    (ntsec_on(cygwin) ||
-			    (has_capability(HAS_NTSEC_BY_DEFAULT) &&
-			     !ntsec_off(cygwin)) ||
-			     has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
-				has_create_token = 1;
-		}
-		if (has_create_token < 1 &&
-		    !pwd_authenticated && geteuid() != pw->pw_uid)
-			return (0);
-	}
-	return (1);
-}
-
 int
 check_ntsec(const char *filename)
 {
 	return (pathconf(filename, _PC_POSIX_PERMISSIONS));
 }

-void
-register_9x_service(void)
-{
-        HINSTANCE kerneldll;
-        DWORD (*RegisterServiceProcess)(DWORD, DWORD);
-
-	/* The service register mechanism in 9x/Me is pretty different from
-	 * NT/2K/XP.  In NT/2K/XP we're using a special service starter
-	 * application to register and control sshd as service.  This method
-	 * doesn't play nicely with 9x/Me.  For that reason we register here
-	 * as service when running under 9x/Me.  This function is only called
-	 * by the child sshd when it's going to daemonize.
-	 */
-	if (is_winnt)
-		return;
-	if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
-		return;
-	if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
-		GetProcAddress(kerneldll, "RegisterServiceProcess")))
-		return;
-	RegisterServiceProcess(0, 1);
-}
-
 #define NL(x) x, (sizeof (x) - 1)
 #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))

--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@ -1,4 +1,4 @@
-/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */

 /*
 * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
@ -35,7 +35,6 @@
 #ifdef HAVE_CYGWIN

 #undef ERROR
-#define is_winnt       (GetVersion() < 0x80000000)

 #include <windows.h>
 #include <sys/cygwin.h>
@ -43,9 +42,7 @@

 int binary_open(const char *, int , ...);
 int binary_pipe(int fd[2]);
-int check_nt_auth(int, struct passwd *);
 int check_ntsec(const char *);
-void register_9x_service(void);
 char **fetch_windows_environment(void);
 void free_windows_environment(char **);

--- a/openbsd-compat/daemon.c
+++ b/openbsd-compat/daemon.c
@ -57,18 +57,8 @@ daemon(int nochdir, int noclose)
 	case -1:
 		return (-1);
 	case 0:
-#ifdef HAVE_CYGWIN
-		register_9x_service();
-#endif
 		break;
 	default:
-#ifdef HAVE_CYGWIN
-		/*
-		 * This sleep avoids a race condition which kills the
-		 * child process if parent is started by a NT/W2K service.
-		 */
-		sleep(1);
-#endif
 		_exit(0);
 	}

--- a/session.c
+++ b/session.c
@ -571,8 +571,7 @@ do_exec_no_pty(Session *s, const char *command)
 	signal(WJSIGNAL, cray_job_termination_handler);
 #endif /* _UNICOS */
 #ifdef HAVE_CYGWIN
-	if (is_winnt)
-		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
+	cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
 #endif

 	s->pid = pid;
@ -726,8 +725,7 @@ do_exec_pty(Session *s, const char *command)
 	signal(WJSIGNAL, cray_job_termination_handler);
 #endif /* _UNICOS */
 #ifdef HAVE_CYGWIN
-	if (is_winnt)
-		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
+	cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
 #endif

 	s->pid = pid;
@ -1116,7 +1114,7 @@ do_setup_env(Session *s, const char *shell)
 	u_int i, envsize;
 	char **env, *laddr;
 	struct passwd *pw = s->pw;
-#ifndef HAVE_LOGIN_CAP
+#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
 	char *path = NULL;
 #endif

@ -1551,9 +1549,6 @@ do_setusercontext(struct passwd *pw)
 #endif
 	}

-#ifdef HAVE_CYGWIN
-	if (is_winnt)
-#endif
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);