[PATCH]: Cygwin port of 2.2.0p1

Corinna Vinschen vinschen at cygnus.com
Wed Sep 6 21:48:07 EST 2000


Andrew Zabolotny wrote:
> On Tue, 05 Sep 2000 18:35:19 +0200, Corinna Vinschen wrote:
> >That's impossible. Windows doesn't check that you are some sort
> >of special user which has the right to use ports < 1024. Everyone
> >may use those ports. As mentioned above the membership in a user
> >group doesn't mean much. To get things worse, think of W95/W98
> >which doesn't know of the concept of different users either.
> 
> This can be solved by defining a macro like this:
> 
> #ifndef USER_IS_ROOT
> #define USER_IS_ROOT(name,uid) (uid == 0)
> #endif
> 
> and in respective system-dependent header files to define something like this:
> 
> #define USER_IS_ROOT(name,uid) w32_user_is_root(name)
> extern int w32_user_is_root(char *name);
> 
> This approach also has the plus that it does not need to be implemented
> immediately for win32, it is just an outlet to which you can later connect any
> code (for any other platform).

This would have the disadvantage that each request for uid 0 (25 source
lines or so) has to be changed but it would be ok with me. The first
implementation of w32_user_is_root() would always return TRUE (at least
for 9X/ME).

> >Yes. Without special authentication packages you have no chance
> >to change the user context without knowing the NT password of that
> >user.
> Well, if you have administrator rights this should be possible, but maybe is
> not straightforward. Something like "change user's password to empty, login
> with empty password, change password back" should be definitely possible. But
> this is kinda clumsy and results in a race condition. There could be other ways
> to do that.

There have to be other ways to do that since the above isn't possible.

- Administrators (it's a group of users, not a user) is a local group.
  It has _no_ permissions to change the security database of the domain
  controller if they are not (by chance) members of the domain admins.

- Nobody has access to users' passwords, neither cleartext nor hashed, as
  long as it isn't a process running as LSA authentication package
  which is running in a very special environment in kernel context
  and which has to be a special shared library.

- The password you used for login is saved in your login credentials and
  they are used for your access to SMB shares. If you haven't used the
  correct user's password, you have no access to those shares.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin at sources.redhat.com
Red Hat, Inc.
mailto:vinschen at cygnus.com
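
The macro dispatch discussed in this thread, applied to one converted call site, as an added example that is not part of the original mail or of the OpenSSH sources. `may_forward_port`, `RESERVED_PORT_LIMIT` and the `EXAMPLE_WIN32` switch are assumptions made for illustration; only `USER_IS_ROOT` and `w32_user_is_root` come from the thread.

```c
#include <stdio.h>
#include <sys/types.h>

#define RESERVED_PORT_LIMIT 1024  /* hypothetical name: ports below this are privileged on Unix */

/* First-cut Windows implementation as described in the thread: always TRUE,
 * since 9X/ME has no concept of different users. (const added in this example.) */
int w32_user_is_root(const char *name)
{
    (void)name;
    return 1;
}

/* EXAMPLE_WIN32 is a constructed switch standing in for the system-dependent
 * header that would install the override. */
#ifdef EXAMPLE_WIN32
#define USER_IS_ROOT(name, uid) w32_user_is_root(name)
#endif

/* Portable fallback: the classic uid comparison. The comma expression only
 * marks `name` as used; the macro's value is (uid) == 0. */
#ifndef USER_IS_ROOT
#define USER_IS_ROOT(name, uid) ((void)(name), (uid) == 0)
#endif

/* Hypothetical call site, one of the "uid 0" checks that would be converted:
 * only root may request forwarding of a reserved port. */
int may_forward_port(const char *name, uid_t uid, int port)
{
    if (port <= 0 || port > 65535)
        return 0;                      /* not a valid TCP port */
    if (port < RESERVED_PORT_LIMIT && !USER_IS_ROOT(name, uid))
        return 0;                      /* reserved port, caller is not root */
    return 1;
}

int main(void)
{
    /* Constructed sample users. */
    printf("root  uid 0    port 80   -> %d\n", may_forward_port("root", 0, 80));
    printf("alice uid 1000 port 80   -> %d\n", may_forward_port("alice", 1000, 80));
    printf("alice uid 1000 port 8080 -> %d\n", may_forward_port("alice", 1000, 8080));
    printf("w32 stub for alice       -> %d\n", w32_user_is_root("alice"));
    return 0;
}
```

Built with `-DEXAMPLE_WIN32`, every converted check passes for every user, because the stub always returns TRUE.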




More information about the openssh-unix-dev mailing list