[PATCH] bsd-cygwin_util.c: Relax pubkey authentication prerequisites

Corinna Vinschen vinschen at redhat.com
Sun Apr 18 20:15:14 EST 2004 

Hi,

is it possible to apply the below patch before 3.8.1p1 comes out?

Due to a posting on the Cygwin mailing list it turned out, that the
prerequisites to allow public key authentication where to tight.
Since Cygwin version 1.5.x the so called `ntsec' setting isn't require
anymore to allow switching user context without password. 

The below patch to bsd-cygwin_util.c fixes the test for that.


Thanks in advance,
Corinna


Index: openbsd-compat/bsd-cygwin_util.c
===================================================================
RCS file: /cvs/openssh_cvs/openbsd-compat/bsd-cygwin_util.c,v
retrieving revision 1.11
diff -p -u -r1.11 bsd-cygwin_util.c
--- openbsd-compat/bsd-cygwin_util.c	7 Aug 2003 06:23:43 -0000	1.11
+++ openbsd-compat/bsd-cygwin_util.c	18 Apr 2004 10:13:03 -0000
@@ -77,6 +77,7 @@ binary_pipe(int fd[2])
 
 #define HAS_CREATE_TOKEN 1
 #define HAS_NTSEC_BY_DEFAULT 2
+#define HAS_CREATE_TOKEN_WO_NTSEC 3
 
 static int 
 has_capability(int what)
@@ -84,6 +85,7 @@ has_capability(int what)
 	static int inited;
 	static int has_create_token;
 	static int has_ntsec_by_default;
+	static int has_create_token_wo_ntsec;
 
 	/* 
 	 * has_capability() basically calls uname() and checks if
@@ -113,6 +115,9 @@ has_capability(int what)
 				has_create_token = 1;
 			if (api_major_version > 0 || api_minor_version >= 56)
 				has_ntsec_by_default = 1;
+			if (major_high > 1 ||
+			    (major_high == 1 && major_low >= 5))
+				has_create_token_wo_ntsec = 1;
 			inited = 1;
 		}
 	}
@@ -121,6 +126,8 @@ has_capability(int what)
 		return (has_create_token);
 	case HAS_NTSEC_BY_DEFAULT:
 		return (has_ntsec_by_default);
+	case HAS_CREATE_TOKEN_WO_NTSEC:
+		return (has_create_token_wo_ntsec);
 	}
 	return (0);
 }
@@ -151,7 +158,8 @@ check_nt_auth(int pwd_authenticated, str
 			if (has_capability(HAS_CREATE_TOKEN) &&
 			    (ntsec_on(cygwin) ||
 			    (has_capability(HAS_NTSEC_BY_DEFAULT) &&
-			    !ntsec_off(cygwin))))
+			     !ntsec_off(cygwin)) ||
+			     has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
 				has_create_token = 1;
 		}
 		if (has_create_token < 1 &&

-- 
Corinna Vinschen
Cygwin Co-Project Leader
Red Hat, Inc.

More information about the openssh-unix-dev mailing list