[Bug 1113] Add Interix authentication support

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Nov 6 02:42:58 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1113





------- Comment #3 from tv at pobox.com  2005-11-06 02:42 -------
> >+#ifdef HAVE_INTERIX
> >+        result = (!setuser(pw->pw_name, password, SU_CHECK);
> >+#else
> > 	result = sys_auth_passwd(authctxt, password);
> >+#endif
> 
> This is exactly the kind of thing the sys_auth_passwd abstraction is designed
> to avoid.  The correct way to do this is to implement your own
> sys_auth_passwd() and define CUSTOM_SYS_AUTH_PASSWD.

Will do, and will resubmit patch at that time.

> >+#ifndef HAVE_INTERIX
> > 			case ' ':
> >+#endif
> 
> Why this change?

Interix users and groups are allowed to have spaces in them.  (This is 
because Interix is a Unix layer on top of Windows, similar to Cygwin but 
working at a much lower NT level.)

> >+# if !defined(HAVE_INTERIX)
> > 		/* Initialize the group list. */
> > 		if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
> > 			perror("initgroups");
> > 			exit(1);
> > 		}
> >+# endif /* !HAVE_INTERIX */
> 
> Does Interix have initgroups()?  If not, just implement initgroups() as a null
> function that just returns zero.  Ditto setgroups.

OK, will do.  There used to be a no-op setgroups() that was used for Cygwin 
too, but it disappeared early in 2005.  I'll have to track back to find 
which portable release had it last, and merge it back in.

> >+#ifdef HAVE_INTERIX
> >+		use_privsep = 0;
> >+#else
> > 		use_privsep = 1;
> >+#endif
> 
> Why doesn't privsep work?  Does defining DISABLE_FD_PASSING make preauth
> privsep work?  (That's what Cygwin and a number of other platforms do.)

I can't remember why this was here, but last time I looked, 
DISABLE_FD_PASSING wasn't enough.  I'll check again and resubmit.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list