Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Tue, 29 May 2001 16:13:57 +0200
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: [IMPORTANT]: New code in Cygwin 1.3.2 allowing to change user context without password
Message-ID: <20010529161357.E19418@cygbert.vinschen.de>
Mail-Followup-To: cygwin AT cygwin DOT com
References: <F44elKWQTHL2bti2SbP000084dc AT hotmail DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <F44elKWQTHL2bti2SbP000084dc@hotmail.com>; from karlm30@hotmail.com on Tue, May 29, 2001 at 06:47:44AM -0700

On Tue, May 29, 2001 at 06:47:44AM -0700, Karl M wrote:
> Hi Corinna...
> 
> I guess I just wanted to make sure that tokens constructed with a password 
> would be available in the future as well.

An error in the 1.3.2 code prevents that it always works. Actually
the explicitely given token should be used when it's available and
the token's user SID is equal to the SID in the /etc/passwd entry
of the uid, given as parameter to seteuid().

Hmm, sounds somewhat complicated.

In other words:

- sshd creates a user token from username/password.
- The uid of that user is 1234 in /etc/passwd.
- sshd calls seteuid(1234).

What happens in seteuid()?

- seteuid() looks into /etc/passwd for uid 1234.
- It extracts the SID from that entry.
- is a token already available?
  - No -> create a new one.
  - Yes -> is that SID == the token's SID?
    - No -> create a new one.
    - Yes -> use the already available token.

That _should_ happen but it only happens in the current developers
version of Cygwin, not in 1.3.2.

However, in 1.3.2 it probably works if the primary group of the
user in /etc/passwd is the same as the primary group in Windows
(always "None" on standalone systems) and the /etc/group entry of
that group contains the correct SID. Check it out.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple