Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sat, 27 Jul 2002 11:16:09 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Future ntsec-detection problem in sshd (Re: winsup/cygwin ChangeLog security.cc)
Message-ID: <20020727111609.O3921@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20020725170413 DOT 3469 DOT qmail AT sources DOT redhat DOT com> <005d01c23417$27a656e0$0100a8c0 AT wdg DOT uk DOT ibm DOT com> <20020726102233 DOT V3921 AT cygbert DOT vinschen DOT de> <021301c234eb$a8d6bf00$0100a8c0 AT wdg DOT uk DOT ibm DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <021301c234eb$a8d6bf00$0100a8c0@wdg.uk.ibm.com>
User-Agent: Mutt/1.3.22.1i

On Fri, Jul 26, 2002 at 10:23:45PM +0100, Max Bowsher wrote:
> Corinna Vinschen wrote:
> > On Thu, Jul 25, 2002 at 09:09:16PM +0100, Max Bowsher wrote:
> >>> CVS Log message:
> >>> * security.cc (allow_ntsec): Default to on.
> >>
> >> A good idea, but I just want to mention a problem that will
> >> eventually arise with sshd.
> >>
> >> It currently checks whether ntsec is enabled by examining the CYGWIN
> >> environment variable. This means that if ntsec is defaulted to on,
> >> without ntsec appearing in the CYGWIN env var, that code now
> >> requires reworking. The location of this now-problematic code in ssh
> >> is check_nt_auth in file openbsd-compat/bsd-cygwin_util.c.
> >
> > Thanks for the heads up.  I have to add a version check then.
> 
> Perhaps is would be better to add a 'bool is_ntsec_enabled();' function to
> cygwin1.dll?

Perhaps.  OTOH I'd have to load that function dynamically inside of
sshd so that it still runs on older versions of the Cygwin dll.  And
if the function doesn't exist, I'd have to check ntsec still using
the old method.  Hmm.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/