This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: [IMPORTANT]: New code in Cygwin 1.3.2 allowing to change user context without password


On Tue, May 29, 2001 at 06:47:44AM -0700, Karl M wrote:
> Hi Corinna...
> 
> I guess I just wanted to make sure that tokens constructed with a password 
> would be available in the future as well.

An error in the 1.3.2 code prevents it from always working. Actually
the explicitly given token should be used when it's available and
the token's user SID is equal to the SID in the /etc/passwd entry
of the uid given as parameter to seteuid().

Hmm, sounds somewhat complicated.

In other words:

- sshd creates a user token from username/password.
- The uid of that user is 1234 in /etc/passwd.
- sshd calls seteuid(1234).

What happens in seteuid()?

- seteuid() looks into /etc/passwd for uid 1234.
- It extracts the SID from that entry.
- Is a token already available?
  - No -> create a new one.
  - Yes -> Is that SID == the token's SID?
    - No -> create a new one.
    - Yes -> use the already available token.

That _should_ happen, but it only happens in the current developer's
version of Cygwin, not in 1.3.2.

However, in 1.3.2 it probably works if the primary group of the
user in /etc/passwd is the same as the primary group in Windows
(always "None" on standalone systems) and the /etc/group entry of
that group contains the correct SID. Check it out.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
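
The token check described in the message above, as an added example that is not part of the original post and is not Cygwin's own code. The function names, the passwd layout (SID after a comma in the gecos field), the string comparison of SIDs and the sample entries are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum token_action { TOKEN_REUSE, TOKEN_CREATE_NEW, TOKEN_NO_SUCH_UID };

/* Constructed sample data. Assumed layout: the SID follows a comma in the
   fifth (gecos) field of each /etc/passwd line. */
static const char *SAMPLE_PASSWD[] = {
    "karl:unused:1234:513:U-HOST\\karl,S-1-5-21-1111-2222-3333-1001:/home/karl:/bin/bash",
    "admin:unused:500:513:U-HOST\\admin,S-1-5-21-1111-2222-3333-500:/home/admin:/bin/bash",
    NULL
};

/* Hypothetical helper: copy the SID for uid into out; 0 on success, -1 if missing. */
int sid_for_uid(const char **passwd, long uid, char *out, size_t outlen)
{
    for (; *passwd; passwd++) {
        char line[256], *f[7], *p = line, *end, *sid;
        int n = 0;
        snprintf(line, sizeof line, "%s", *passwd);
        while (n < 7 && p) {                  /* split the line on ':' */
            f[n++] = p;
            if ((p = strchr(p, ':')) != NULL) *p++ = '\0';
        }
        if (n < 5 || strtol(f[2], &end, 10) != uid || end == f[2] || *end)
            continue;                         /* malformed line or another uid */
        if ((sid = strstr(f[4], ",S-1-")) == NULL) return -1;
        snprintf(out, outlen, "%s", sid + 1);
        out[strcspn(out, ",")] = '\0';        /* drop any later gecos items */
        return 0;
    }
    return -1;
}

/* Hypothetical model of the seteuid() decision: reuse the token only when its
   user SID matches the passwd entry (string compare stands in for a SID compare). */
enum token_action choose_token(const char **passwd, long uid, const char *token_sid)
{
    char want[128];
    if (sid_for_uid(passwd, uid, want, sizeof want) != 0)
        return TOKEN_NO_SUCH_UID;             /* no entry: nothing to switch to */
    if (token_sid == NULL || strcmp(token_sid, want) != 0)
        return TOKEN_CREATE_NEW;              /* no token, or token of another user */
    return TOKEN_REUSE;                       /* the token built from the password */
}

int main(void) { printf("%d\n", choose_token(SAMPLE_PASSWD, 1234, NULL)); return 0; }
```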
