OpenSSH 5.1: call for testing

Corinna Vinschen vinschen at redhat.com
Wed Jul 16 23:32:16 EST 2008 

Ping?

On Jul 14 23:20, Corinna Vinschen wrote:
> On Jul 14 14:10, Corinna Vinschen wrote:
> > On Jul 14 21:38, Damien Miller wrote:
> > > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
> > > > Tested on Cygwin 1.5.25.
> > > 
> > > Applied - thanks.
> 
> Below is another patch which simplifies the test for POSIX file security
> in Cygwin.  The functionality implemented in check_ntsec() is already
> present in the Cygwin DLL for about seven years and accessible through
> pathconf(3).  In fact, in Cygwin 1.7, this will be the *only* valid
> interface to check for POSIX file security, since the global
> "CYGWIN=ntsec" environment option will be dropped in favor of a
> per-mount option.
> 
> Another question is this:  The has_capability function requests Cygwin
> version information to figure out if specific features are available.
> The newest of the requested capabilities exists since Cygwin 1.5.0,
> which has been release in 2003, five years ago.  Older versions of
> Cygwin are long out of support.  That's why I would like to ask, if it
> isn't time to drop the whole has_capability() function as well as the
> check_nt_auth() function and to remove calling this Cygwin-specific
> function throughout OpenSSH.  Right now it's called in auth1.c,
> auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
> That's a lot of #ifdef HAVE_CYGWIN which could go away :)
> 
> 
> Corinna
> 
> 
> Index: openbsd-compat/bsd-cygwin_util.c
> ===================================================================
> RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
> retrieving revision 1.19
> diff -u -p -r1.19 bsd-cygwin_util.c
> --- openbsd-compat/bsd-cygwin_util.c	1 Sep 2006 09:29:01 -0000	1.19
> +++ openbsd-compat/bsd-cygwin_util.c	14 Jul 2008 21:01:36 -0000
> @@ -175,45 +175,7 @@ check_nt_auth(int pwd_authenticated, str
>  int
>  check_ntsec(const char *filename)
>  {
> -	char *cygwin;
> -	int allow_ntea = 0, allow_ntsec = 0;
> -	struct statfs fsstat;
> -
> -	/* Windows 95/98/ME don't support file system security at all. */
> -	if (!is_winnt)
> -		return (0);
> -
> -	/* Evaluate current CYGWIN settings. */
> -	cygwin = getenv("CYGWIN");
> -	allow_ntea = ntea_on(cygwin);
> -	allow_ntsec = ntsec_on(cygwin) ||
> -	    (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
> -
> -	/*
> -	 * `ntea' is an emulation of POSIX attributes. It doesn't support
> -	 * real file level security as ntsec on NTFS file systems does
> -	 * but it supports FAT filesystems. `ntea' is minimum requirement
> -	 * for security checks.
> -	 */
> -	if (allow_ntea)
> -		return (1);
> -
> -	/*
> -	 * Retrieve file system flags. In Cygwin, file system flags are
> -	 * copied to f_type which has no meaning in Win32 itself.
> -	 */
> -	if (statfs(filename, &fsstat))
> -		return (1);
> -
> -	/*
> -	 * Only file systems supporting ACLs are able to set permissions.
> -	 * `ntsec' is the setting in Cygwin which switches using of NTFS
> -	 * ACLs to support POSIX permissions on files.
> -	 */
> -	if (fsstat.f_type & FS_PERSISTENT_ACLS)
> -		return (allow_ntsec);
> -
> -	return (0);
> +	return (pathconf(filename, _PC_POSIX_PERMISSIONS));
>  }
>  
>  void
> 
> -- 
> Corinna Vinschen
> Cygwin Project Co-Leader
> Red Hat
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

More information about the openssh-unix-dev mailing list