Date: Wed, 4 May 2005 11:02:41 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: SSHD key based authentication hangs cscript
Message-ID: <20050504090241.GE31567@calimero.vinschen.de>
In-Reply-To: <200505040116.j441GuC02021@webmail.pulsemining.com.au>

On May 4 11:15, Stuart Westbury wrote:
> "There are actually two problems here: 1) a problem with CygWin/OpenSSH
> (after public key authentication GetUserName() returns incorrect
> value)..........."
>
> Is this my problem?

No, that's our problem. There's nothing we can do about it, I'm sorry.

What happens is this: When sshd calls seteuid(), the Cygwin DLL creates
a new user token based on the information in the SAM and Cygwin's
/etc/passwd and /etc/group files. Nothing wrong with that, but since
this happens in user land and not within a registered Windows
authentication package, there's a problem here. The new sub process
still runs in the authenticated session for the SYSTEM resp. the
sshd_server user. Even though the new user token contains all the
correct information otherwise, it doesn't contain a new session
identifier since as a non-authentication package, it can't create its
own session identifier.

This has the unfortunate result that Windows functions still return the
name resp. SID of the user who started the original process
(SYSTEM/sshd_server). From my point of view this is a bug in Windows,
but who am I to be asked?

This doesn't happen when using password authentication because in this
case the authentication is done by the standard authentication package
and a new, shiny session identifier is added to the new user token.

And the second question is what?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
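
A diagnostic for the mismatch described in the message above, added here as an example and not part of the original mail or of Cygwin's code: run inside the ssh session, it compares the user stored in the process token with what GetUserName() returns and shows the logon session the token is attached to. The names SessionProbe and Get-IdentityViews are hypothetical, and PowerShell on Windows is assumed.

```powershell
# Added diagnostic. SessionProbe and Get-IdentityViews are hypothetical names.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using System.Text;
public static class SessionProbe {
    [StructLayout(LayoutKind.Sequential)]
    public struct LUID { public uint LowPart; public int HighPart; }
    [StructLayout(LayoutKind.Sequential)]
    public struct TOKEN_STATISTICS {
        public LUID TokenId; public LUID AuthenticationId; public long ExpirationTime;
        public int TokenType; public int ImpersonationLevel;
        public uint DynamicCharged; public uint DynamicAvailable;
        public uint GroupCount; public uint PrivilegeCount; public LUID ModifiedId;
    }
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool GetUserNameW(StringBuilder buffer, ref int size);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr token, int infoClass,
        out TOKEN_STATISTICS info, int length, out int returned);
}
'@

function Get-IdentityViews {
    # View 1: the user recorded in the current token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()

    # View 2: what GetUserName() reports to programs that call it.
    $buf = New-Object System.Text.StringBuilder 257   # UNLEN (256) + terminator
    $len = 257
    if (-not [SessionProbe]::GetUserNameW($buf, [ref]$len)) { throw 'GetUserNameW failed' }

    # The logon session the token belongs to (TokenStatistics is class 10).
    $stats = New-Object 'SessionProbe+TOKEN_STATISTICS'
    $size  = [Runtime.InteropServices.Marshal]::SizeOf($stats)
    $ret   = 0
    if (-not [SessionProbe]::GetTokenInformation($id.Token, 10, [ref]$stats, $size, [ref]$ret)) {
        throw 'GetTokenInformation failed'
    }
    $luid = $stats.AuthenticationId

    [pscustomobject]@{
        TokenUser      = $id.Name                      # DOMAIN\user from the token
        TokenSid       = $id.User.Value
        GetUserName    = $buf.ToString()
        LogonSessionId = '0x{0:x}:0x{1:x}' -f $luid.HighPart, $luid.LowPart
        Mismatch       = (($id.Name -split '\\')[-1] -ne $buf.ToString())
    }
}

Get-IdentityViews | Format-List
```

A Mismatch of True with the service account's name in GetUserName is the situation the message describes; scripts run over key-authenticated sessions should not base decisions on GetUserName() alone.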