OpenSSH 5.1: call for testing

Tue Jul 15 07:20:58 EST 2008

On Jul 14 14:10, Corinna Vinschen wrote:
> On Jul 14 21:38, Damien Miller wrote:
> > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
> > > Tested on Cygwin 1.5.25.
> > 
> > Applied - thanks.

Below is another patch which simplifies the test for POSIX file security
in Cygwin.  The functionality implemented in check_ntsec() is already
present in the Cygwin DLL for about seven years and accessible through
pathconf(3).  In fact, in Cygwin 1.7, this will be the *only* valid
interface to check for POSIX file security, since the global
"CYGWIN=ntsec" environment option will be dropped in favor of a
per-mount option.

Another question is this:  The has_capability function requests Cygwin
version information to figure out if specific features are available.
The newest of the requested capabilities exists since Cygwin 1.5.0,
which has been release in 2003, five years ago.  Older versions of
Cygwin are long out of support.  That's why I would like to ask, if it
isn't time to drop the whole has_capability() function as well as the
check_nt_auth() function and to remove calling this Cygwin-specific
function throughout OpenSSH.  Right now it's called in auth1.c,
auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
That's a lot of #ifdef HAVE_CYGWIN which could go away :)


Corinna


Index: openbsd-compat/bsd-cygwin_util.c
===================================================================
RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
retrieving revision 1.19
diff -u -p -r1.19 bsd-cygwin_util.c

--- openbsd-compat/bsd-cygwin_util.c	1 Sep 2006 09:29:01 -0000	1.19
+++ openbsd-compat/bsd-cygwin_util.c	14 Jul 2008 21:01:36 -0000
@@ -175,45 +175,7 @@ check_nt_auth(int pwd_authenticated, str
 int
 check_ntsec(const char *filename)
 {
-	char *cygwin;
-	int allow_ntea = 0, allow_ntsec = 0;
-	struct statfs fsstat;
-
-	/* Windows 95/98/ME don't support file system security at all. */
-	if (!is_winnt)
-		return (0);
-
-	/* Evaluate current CYGWIN settings. */
-	cygwin = getenv("CYGWIN");
-	allow_ntea = ntea_on(cygwin);
-	allow_ntsec = ntsec_on(cygwin) ||
-	    (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
-
-	/*
-	 * `ntea' is an emulation of POSIX attributes. It doesn't support
-	 * real file level security as ntsec on NTFS file systems does
-	 * but it supports FAT filesystems. `ntea' is minimum requirement
-	 * for security checks.
-	 */
-	if (allow_ntea)
-		return (1);
-
-	/*
-	 * Retrieve file system flags. In Cygwin, file system flags are
-	 * copied to f_type which has no meaning in Win32 itself.
-	 */
-	if (statfs(filename, &fsstat))
-		return (1);
-
-	/*
-	 * Only file systems supporting ACLs are able to set permissions.
-	 * `ntsec' is the setting in Cygwin which switches using of NTFS
-	 * ACLs to support POSIX permissions on files.
-	 */
-	if (fsstat.f_type & FS_PERSISTENT_ACLS)
-		return (allow_ntsec);
-
-	return (0);
+	return (pathconf(filename, _PC_POSIX_PERMISSIONS));
 }
 
 void

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
