OpenSSH 5.1: call for testing
Damien Miller
djm at mindrot.org
Thu Jul 17 07:39:46 EST 2008
On Wed, 16 Jul 2008, Corinna Vinschen wrote:
> Ping?
This will be post-5.1. Could you file is as a bug so it doesn't get lost?
-d
> On Jul 14 23:20, Corinna Vinschen wrote:
> > On Jul 14 14:10, Corinna Vinschen wrote:
> > > On Jul 14 21:38, Damien Miller wrote:
> > > > > Below you'll find a patch which fixes that problem in fake-rfc2553.c.
> > > > > Tested on Cygwin 1.5.25.
> > > >
> > > > Applied - thanks.
> >
> > Below is another patch which simplifies the test for POSIX file security
> > in Cygwin. The functionality implemented in check_ntsec() is already
> > present in the Cygwin DLL for about seven years and accessible through
> > pathconf(3). In fact, in Cygwin 1.7, this will be the *only* valid
> > interface to check for POSIX file security, since the global
> > "CYGWIN=ntsec" environment option will be dropped in favor of a
> > per-mount option.
> >
> > Another question is this: The has_capability function requests Cygwin
> > version information to figure out if specific features are available.
> > The newest of the requested capabilities exists since Cygwin 1.5.0,
> > which has been release in 2003, five years ago. Older versions of
> > Cygwin are long out of support. That's why I would like to ask, if it
> > isn't time to drop the whole has_capability() function as well as the
> > check_nt_auth() function and to remove calling this Cygwin-specific
> > function throughout OpenSSH. Right now it's called in auth1.c,
> > auth2-pubkey.c, auth2-passwd.c, auth2-none.c and auth2-kbdint.c.
> > That's a lot of #ifdef HAVE_CYGWIN which could go away :)
> >
> >
> > Corinna
> >
> >
> > Index: openbsd-compat/bsd-cygwin_util.c
> > ===================================================================
> > RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
> > retrieving revision 1.19
> > diff -u -p -r1.19 bsd-cygwin_util.c
> > --- openbsd-compat/bsd-cygwin_util.c 1 Sep 2006 09:29:01 -0000 1.19
> > +++ openbsd-compat/bsd-cygwin_util.c 14 Jul 2008 21:01:36 -0000
> > @@ -175,45 +175,7 @@ check_nt_auth(int pwd_authenticated, str
> > int
> > check_ntsec(const char *filename)
> > {
> > - char *cygwin;
> > - int allow_ntea = 0, allow_ntsec = 0;
> > - struct statfs fsstat;
> > -
> > - /* Windows 95/98/ME don't support file system security at all. */
> > - if (!is_winnt)
> > - return (0);
> > -
> > - /* Evaluate current CYGWIN settings. */
> > - cygwin = getenv("CYGWIN");
> > - allow_ntea = ntea_on(cygwin);
> > - allow_ntsec = ntsec_on(cygwin) ||
> > - (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
> > -
> > - /*
> > - * `ntea' is an emulation of POSIX attributes. It doesn't support
> > - * real file level security as ntsec on NTFS file systems does
> > - * but it supports FAT filesystems. `ntea' is minimum requirement
> > - * for security checks.
> > - */
> > - if (allow_ntea)
> > - return (1);
> > -
> > - /*
> > - * Retrieve file system flags. In Cygwin, file system flags are
> > - * copied to f_type which has no meaning in Win32 itself.
> > - */
> > - if (statfs(filename, &fsstat))
> > - return (1);
> > -
> > - /*
> > - * Only file systems supporting ACLs are able to set permissions.
> > - * `ntsec' is the setting in Cygwin which switches using of NTFS
> > - * ACLs to support POSIX permissions on files.
> > - */
> > - if (fsstat.f_type & FS_PERSISTENT_ACLS)
> > - return (allow_ntsec);
> > -
> > - return (0);
> > + return (pathconf(filename, _PC_POSIX_PERMISSIONS));
> > }
> >
> > void
> >
> > --
> > Corinna Vinschen
> > Cygwin Project Co-Leader
> > Red Hat
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
> --
> Corinna Vinschen
> Cygwin Project Co-Leader
> Red Hat
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list